#Apple Removed 300 #Infected #Apps from App Store
APPLE HAS NOW removed over 300 pieces of software from the App Store, after malware that targeted developers managed to create infected iOS apps. On top of that, it looks like the apps are more dangerous to Apple customers than previously thought.
Several security companies have now banded together in the search for malicious iOS apps: Claud Xiao from PaloAlto Networks has reportedly discovered 39, Fox-IT also found a number of others, a representative told WIRED in an email. Many of those apps are popular in China, such as Railway 12306, used for purchasing train tickets, and a version of WeChat, a messaging app. Only the older version 6.2.5 is infected, whereas the app’s up-to-date version is clean.
However, it appears that some affected apps are also used by Apple customers in the United States. ‘CamCard’, an app for scanning and storing business cards, and which was a ‘Top Paid App’ in 2014, is also infected, according to Palo Alto Networks.
Originally, the malware was seen to be fairly innocuous: it could siphon off only small snippets of information such as a device’s ID, and the current time.
But according to findings from one researcher, and then built upon by Xiao, the infected apps are also capable of receiving commands from the attacker. These commands can apparently allow a hacker to read and write data to the victim’s clipboard, open specific URLs, or prompt a fake alert on the victim’s screen. Some of these could be used to steal passwords, Xiao claims.
Apple did not respond to multiple requests for comment, but company spokesperson Christine Monaghan told The Guardian in an email that “We’ve removed the apps from the app store that we know have been created with this counterfeit software,” and that “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Comments
Post a Comment