Chinese developers on Weibo were the first to highlight the malware, which was then analyzed by researchers from Alibaba.

Further, security company Palo Alto Networks verified the results.

The hack revolves entirely around Xcode, the tool used to create iOS and OS X apps.

Generally, Xcode can be downloaded directly from Apple for free.

However, it is possible to get Xcode from other sources too, such as developer forums.

Many developers chose to grab Xcode from the Baidu cloud file sharing service rather than straight from Apple.

However, the malware is not quite so harmless.

That makes XcodeGhost potentially more dangerous: it appears to serve as an entry point onto iPhones for further exploitation.

The response from the command-and-control server contains multiple possible commands.

One of them specifies a message to send to the user in the form of an alert prompt.

We have evidence that this was used to phish iCloud credentials from users of infected apps.

The response can also contain a URL which the app will then open.

Not a huge breach, but no one wants to be tracked by unknown sources.

Any developers who obtained their copy of Xcode from an unofficial source could be affected.

Developers creating enterprise apps could also be affected by XcodeGhost.

Apple has not responded to requests for comment about XcodeGhost and the infected apps.

Should the consumers and people who have downloaded the malicious apps be worried?

"I wouldn't worry too much," Miller says.

The apps that did get through did not appear to do anything particularly unpleasant.

"If you made it really, obviously bad, probably [Apple] would catch it," Miller says.

Also, developers shouldn't be downloading their tools from random third-party sites.

source: www.techworm.net