Developers Help Hackers Get Malicious Apps Into Apple App Store

Apple has confirmed the removal of malicious apps from its App Store.

 

Yes, the Apple App Store was actually hacked and Apple’s developers helped pull it off. After numerous reports from cyber security firms, the Cupertino giant finally confessed that its App Store, which hosts apps for both its desktop and mobile platforms, was hosting malicious apps.

These apps (which go into the hundreds) have now been removed from the App Store, according to Apple spokeswoman, Christine Monaghan.

Seems that the next target for hackers are the developers indeed.

In this scenario, hackers got Apple developers to download its popular Xcode development platform from other websites. Apple devs usually head there to download the development software faster, but did not realise that they were indeed using a tainted version of Xcode called XcodeGhost.

XcodeGhost managed get the hacker’s job done via the developers who released their tainted apps with malicious code unknowingly in the App Store. More importantly these apps were downloaded by many users as they came from trusted developers.

Now that the apps have been removed from the App Store, Apple is working with developers to ensure that they use the right version of Xcode so that future attacks can be prevented.

As far as the damage is concerned, Palo Alto Networks a Security firm confirmed that XcodeGhost did not do much damage and that there was data theft involved. This is due to the malware's limited functionality.

Still then, it is interesting to see how hackers managed to find their way (they seem to be getting pretty creative at it) in the App Store that for long was supposed to be almost malware free. Prior to the current attack, there were just about five instances of malicious apps entering the Apple App Store.


TAGS: Apple, iOS, OS X, App Store