Malware-ridden apps found in Apple's Chinese App Store

Sponsored Links

Roberto Baldwin
September 18, 2015 9:23 PM
Malware-ridden apps found in Apple's Chinese App Store

The iOS App Store is usually a trustworthy source of software. But as hackers tend to do, they found a way to get their nefarious wares into the China version of the software supermarket. By using altered versions of Apple' development tool Xcode they were able to slip malware into apps being built by unaware devs. The problem started when developers downloaded altered versions of Xcode (named "XcodeGhost" Alibab researchers) from third-party sites. When apps built with the modified compiler are launched, they collect the phone's name, UUID, language and country, current time and network type. That data is then encrypted and sent to servers. Not a huge breach, but no one wants to be tracked by unknown sources.

The bigger issue is that these apps made it into Apple's App Store in China. While only a handful of apps have gotten past Apple's strict security, all it takes is one app with an aggressive piece of malware to destroy the trust customers have put in Apple. Fortunately, the apps have only been seen in the App Store in China.

Also, developers shouldn't be downloading their tools from random third-party sites. Just a thought.

Turn on browser notifications to receive breaking news alerts from Engadget
You can disable notifications at any time in your settings menu.
Not now

Apple has not responded to requests for comment about XcodeGhost and the infected apps.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
Popular on Engadget