Apple has said it is taking steps to remove malicious code
added to a number of apps commonly used on iPhones and iPads in China.
It is thought to be the first large-scale attack on Apple's
App Store.
The hackers created a counterfeit version of Apple's
software for building iOS apps, which they persuaded developers to download.
Apps compiled using the tool allow the attackers to steal
data about users and send it to servers they control.
Cybersecurity firm Palo Alto Networks - which has analysed
the malware dubbed XcodeGhost - said the perpetrators would also be able to
send fake alerts to infected devices to trick their owners into revealing
information.
It added they could also read and alter information in
compromised devices' clipboards, which would potentially allow them to see
logins copied to and from password management tools.
WeChat is one of China's most popular chat apps, and is also
used outside the country to a lesser extent
Infected applications includes Tencent's hugely popular
WeChat app, NetEase's music downloading app and Didi Kuaidi's Uber-like car
hailing app.
Some of the affected apps - including the business card
scanner CamCard - are also available outside China.
"We've removed the apps from the App Store that we know
have been created with this counterfeit software," said Apple spokeswoman
Christine Monaghan.
"We are working with the developers to make sure
they're using the proper version of Xcode to rebuild their apps," said
Christine Monaghan.
On its official WeChat blog, Tencent said the security issue
affected an older version of its app - WeChat 6.2.5 - and that newer versions
were not affected.
It added that an initial investigation showed that no data
theft or leakage of user information had occurred.
Credits: BBC Tech
No comments:
Post a Comment