Following this week's successful attack on the iOS App Store, in which hundreds (and maybe even thousands) of applications built with a trojanized copy of Xcode were infected with malware and distributed through the App Store, Apple has published a support document urging developers to validate their installation of Xcode.
We recently removed apps from the App Store that were built with a counterfeit version of Xcode which had the potential to cause harm to customers. You should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software.
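The check Apple's advice amounts to is asking Gatekeeper to assess the installed Xcode bundle and confirming that it is accepted and that it came from Apple. The script below is an added example, not code from the original post or from Apple's document: it runs `spctl --assess --verbose` against the bundle (the path `/Applications/Xcode.app` is assumed as the default) and parses the two-line verdict, treating only the three source strings Apple's document lists as valid (Mac App Store, Apple System, Apple) as a pass. A copy of Xcode that was downloaded from a third-party mirror and re-signed, or whose signature was broken by tampering, falls through to the failure branch.

```shell
#!/bin/sh
# Parse the verdict printed by `spctl --assess --verbose <bundle>`, which
# looks like (constructed sample, the real tool prints the same two lines):
#   /Applications/Xcode.app: accepted
#   source=Mac App Store
# $1 is the full text of that output. Prints "ok:<source>" and returns 0
# when Gatekeeper accepted the bundle and the source is one Apple ships from;
# prints a reason and returns 1 otherwise.
xcode_verdict() {
    verdict=$(printf '%s\n' "$1" | sed -n '1s/^.*: //p')
    src=$(printf '%s\n' "$1" | sed -n 's/^source=//p')
    if [ "$verdict" != "accepted" ]; then
        echo "not-accepted:${verdict:-no output}"
        return 1
    fi
    case "$src" in
        "Mac App Store"|"Apple System"|"Apple")
            echo "ok:$src"
            return 0 ;;
        *)
            # Accepted by Gatekeeper but signed by someone other than Apple:
            # exactly what a re-signed counterfeit Xcode would look like.
            echo "unexpected-source:$src"
            return 1 ;;
    esac
}

# Run the real assessment on a bundle (default path is an assumption) and
# pass the output, which spctl writes to stderr, through the parser above.
validate_xcode() {
    bundle="${1:-/Applications/Xcode.app}"
    out=$(spctl --assess --verbose "$bundle" 2>&1) || true
    xcode_verdict "$out"
}

# Usage: validate_xcode            (checks /Applications/Xcode.app)
#        validate_xcode ~/Downloads/Xcode.app
```

Because Gatekeeper's verdict is only as trustworthy as the machine it runs on, this check belongs on the build machine where the binaries are actually produced, not only on a developer's laptop; a CI host that pulled Xcode from a mirror needs the same test.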
This successful attack on the App Store is fascinating in that it raises a number of interesting questions. First, how many applications have been infected by this attack? The number seems to keep on growing, from a few dozen to hundreds and even thousands, and includes several high-profile, popular applications such as the Chinese messaging app WeChat (installed on virtually every Chinese iPhone) as well as popular games such as Angry Birds 2. In fact, according to SourceDNA, several of the infected applications are still live in the App Store.
Second, how many more applications have been infected with other types of malware? If so many popular applications carrying this malware could be uploaded to and distributed by the App Store, you have to wonder how many other kinds of malware are currently lurking in the App Store that we don't know about yet or that Apple hasn't detected.
Third, and this isn't really a question but more of a tongue-in-cheek pondering, does this attack make iOS the least secure mobile operating system? This single attack alone has definitely infected more iPhones than the total number of Android phones that have ever been infected, which I find strangely hilarious. WeChat alone has about 500 million users and is installed on pretty much every Chinese iPhone, and several of the other infected applications are also hugely popular. Depending on how many people installed the infected updates, and how much the user bases of the applications overlap, we're definitely looking at millions of infected iPhones, possibly even more.
To quote Apple's own Phil Schiller: "be safe out there".
What does this malware actually do? Does it compromise root/admin privileges or something?