![]() ![]() Prompt a fake alert dialog to phish user credentials. ![]() Palo Alto Networks also discovered that infected iOS apps can receive commands from the attacker through the C2 server to perform the following actions: The system and app information that can be collected includes: How does XcodeGhost put my iOS devices at risk? iOS apps infected with XcodeGhost malware can and do collect information about devices and then encrypt and upload that data to command and control (C2) servers run by attackers through the HTTP protocol. ![]() ![]() Which unofficial versions of Xcode are affected? All unofficial versions between Xcode 6.1 and Xcode 6.4. How many users are affected? XcodeGhost potentially affects more than 500 million iOS users, primarily because messaging app WeChat is very popular in China and the Asia-Pacific region. Which apps are affected? Palo Alto Networks has shared a full list of over 50 infected iOS apps, including WeChat, NetEase Cloud Music, WinZip, Didi Chuxing, Railway 12306, China Unicom Mobile Office and Tonghuashun. The malware affects both stock and jailbroken devices. Which devices are affected? iPhone, iPad and iPod touch models running an iOS version compatible with any of the infected apps. Those apps then managed to pass through Apple's code review process, enabling iOS users to install or update the infected apps on their devices. How is XcodeGhost distributed? A malicious version of Xcode was uploaded to Chinese cloud file sharing service Baidu and downloaded by some iOS developers in China.Ĭhinese developers then unknowingly compiled iOS apps using the modified Xcode IDE and distributed those infected apps through the App Store. What is XcodeGhost? XcodeGhost is a new iOS malware arising from a malicious version of Xcode, Apple's official tool for developing iOS and OS X apps. MacRumors has created a FAQ so you can learn more about XcodeGhost and how to keep your iOS devices protected. cybersecurity firm Palo Alto Networks has since published details about the malware. Earlier this week, Chinese developers disclosed new iOS malware called XcodeGhost on microblogging service Sina Weibo. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |