Author |
Message |
pcernie
Legend
Joined: Sun Apr 26, 2009 12:30 pm Posts: 45931 Location: Belfast
|
Apple purges malicious iPhone and iPad apps from App Store | TechRadar http://www.techradar.com/news/software/ ... re-1304672
Sneaky, very sneaky.
_________________Plain English advice on everything money, purchase and service related:
http://www.moneysavingexpert.com/
|
Mon Sep 21, 2015 7:52 pm |
|
 |
bobbdobbs
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 7:10 pm Posts: 5490 Location: just behind you!
|
I miss the days of marklar77 and the 50 page defence.
_________________Finally joined Flickr
|
Tue Sep 22, 2015 6:23 am |
|
 |
davrosG5
I haven't seen my friends in so long
Joined: Fri Apr 24, 2009 6:37 am Posts: 6954 Location: Peebo
|
On the one hand, Apple does not appear to have been hosting the borked version of XCode on its servers. The implication from the coverage I've read is that impatient developers used a local 'mirror' site because the proper Apple download was being too slow. So either they knew they were potentially downloading from a dodgy site or someone was running a highly convincing clone of the Apple one. I don't really think it's entirely fair to lay the blame for that part at Apple's door, certainly not without more information. On the other hand, it is a fair question to ask why the stuff made with GhostCode didn't get flagged up by the App Store vetting process.
_________________ When they put teeth in your mouth, they spoiled a perfectly good bum. -Billy Connolly (to a heckler)
|
Tue Sep 22, 2015 11:42 am |
|
 |
jonlumb
Spends far too much time on here
Joined: Thu Apr 23, 2009 6:44 pm Posts: 4141 Location: Exeter
|
I don't. What I do miss is the inevitable response from someone like Saspro pointing out that one of the core facts upon which his argument was based was wrong, and the whole house of cards coming crashing down.
_________________ "The woman is a riddle inside a mystery wrapped in an enigma I've had sex with."
|
Tue Sep 22, 2015 12:10 pm |
|
 |
jonbwfc
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm Posts: 17040
|

I don't think it's even that - Apple tend to use Akamai or similar to host their big downloads and they have bandwidth to burn. The analysis I read suggested the core of the issue is national interconnects and the Great Firewall of China - it's simply true that anything coming in from outside China comes in much more slowly than something coming from inside China, so they tend to use local servers for things as a matter of choice and the authenticity of things didn't really come into the decision.
You could legitimately ask how the amended XCode got past the Mac OS X Gatekeeper system - the app should have been signed and if it was, modifying the download should have invalidated the signature. It's possible someone dumb/crazy enough to download something like XCode from god-knows-where would also be dumb/crazy enough to switch Gatekeeper into 'run anything from anywhere' mode... It looks very much more likely to have been a problem between chair and keyboard at the various developers.
If the GhostCode malware was inserted before the App was signed by the developer, it probably wouldn't immediately set off the sirens because essentially the developer 'vouched' for it. Apple do run app checks to see if the app is accessing things in a way that is obviously bad but given the malware coders know that happens, their code can circumvent a lot of those checks. Fundamentally, what Apple did was trust the developers and the developers turned out to be doing some pretty stupid things. Frankly, the first thing that should have happened is anyone who got caught like this should have their dev licences revoked.
Jon
|
Tue Sep 22, 2015 12:50 pm |
|
 |
Fogmeister
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 7:35 pm Posts: 6580 Location: Getting there
|
Yeah. Pretty much what Jon said. If the people who downloaded it had Gatekeeper enabled they would have seen that the app either wasn't signed or wasn't signed by Apple. Once that was done and the malicious Xcode was installed it could inject anything it wanted into the apps at build time. The malicious code would have been signed just like any normal app. The whole thing is the cause of people being impatient. There are two ways to download Xcode and they didn't do either. Apple have done the best thing of disabling any apps that have been built with the malicious version of Xcode. Doesn't mean they can stop the usage of it though
Sent from my iPhone using Tapatalk
|
Tue Sep 22, 2015 5:48 pm |
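The Gatekeeper check discussed in the two posts above can be run by hand with `spctl --assess --verbose`. The following is an added example, not something posted in the thread: a hypothetical helper, `classify_assessment`, that treats an Xcode bundle as trusted only when Gatekeeper accepts it and reports one of the sources Apple's Xcode validation guidance lists (Mac App Store, Apple, Apple System). The sample outputs are constructed.

```shell
#!/bin/sh
# Added example: interpret `spctl --assess --verbose` output for an Xcode bundle.
# A bundle that is "accepted" under someone else's Developer ID is still not
# Apple's Xcode, so the source= value is checked as well as the verdict.

# Constructed sample outputs (not captured from a real machine).
SAMPLE_STORE='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_THIRD_PARTY='/Applications/Xcode.app: accepted
source=Developer ID'
SAMPLE_REJECTED='/Applications/Xcode.app: rejected'

# classify_assessment OUTPUT -> prints "trusted" or "untrusted".
# Handles the verdict and source= on one line or on separate lines.
classify_assessment() {
    ca_verdict=$(printf '%s\n' "$1" |
        sed -nE 's/^.*: (accepted|rejected).*$/\1/p' | head -n 1)
    ca_source=$(printf '%s\n' "$1" |
        sed -nE 's/^.*source=(.*)$/\1/p' | head -n 1)
    if [ "$ca_verdict" = "accepted" ]; then
        case "$ca_source" in
            "Mac App Store"|"Apple"|"Apple System")
                echo trusted
                return 0 ;;
        esac
    fi
    # Rejected, unsigned, unparseable, or signed by anyone other than Apple.
    echo untrusted
    return 0
}

# On a Mac, assess the real bundle; elsewhere this block is skipped.
XCODE_APP="${1:-/Applications/Xcode.app}"
if command -v spctl >/dev/null 2>&1 && [ -d "$XCODE_APP" ]; then
    # spctl reports on stderr and exits non-zero when it rejects a bundle.
    spctl_out=$(spctl --assess --verbose "$XCODE_APP" 2>&1) || true
    echo "$XCODE_APP: $(classify_assessment "$spctl_out")"
fi
```

A build machine can run this before each release build and refuse to continue on anything other than `trusted`.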
|
 |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
The reports I've read and heard suggest it wasn't an "Apple" mirror, just a local server hosting a copy of XCode. No mention of who owned the server.
Reports yesterday were saying that they had found over 300 different affected apps now and it is still growing, but that Apple have stopped new apps from being able to be uploaded to the store and they are purging the affected apps as they are being discovered.
_________________ "Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari
Executive Producer No Agenda Show 246
|
Wed Sep 23, 2015 3:57 am |
|
 |
jonbwfc
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm Posts: 17040
|
I assume/hope that by now they have an automated way of scanning the app store for apps that have been compromised in this way. Given though there are several million apps on the app store, it's going to take a bit of time no matter how you do it.
I also hope the shareholders of some of the companies that have had their apps removed from the store (and are thus losing money by the second) are asking serious questions of their management in terms of the decision to outsource the coding to China. Angry Birds 2 is one of the apps apparently? They must be losing millions.
Jon
|
Wed Sep 23, 2015 9:42 am |
|
 |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
FireEye have now found over 4000 apps, many from Chinese brands with international reach (consumer electronics manufacturers, banks etc.). Although they have not released a list of affected apps. http://www.theregister.co.uk/2015/09/23 ... _thousand/
_________________ "Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari
Executive Producer No Agenda Show 246
|
Wed Sep 23, 2015 11:06 am |
|
 |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
And now a Chinese advertising company has hijacked Android devices... http://www.theregister.co.uk/2015/09/23 ... al_botnet/
_________________ "Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Molari
Executive Producer No Agenda Show 246
|
Wed Sep 23, 2015 12:36 pm |
|
|