Apple kept mum about XcodeGhost malware attack against 128M users

By Deeba Ahmed Apparently, nearly 128 million iOS users downloaded apps containing the XcodeGhost malware but Apple did not inform users about the attack. This is a post from HackRead.com Read the original post: Apple kept mum about XcodeGhost malware attack against 128M users...

Trojanized Xcode Project Slips MacOS Malware to Apple Developers

Cybercriminals are targeting Apple developers with a trojanized Xcode project, which once launched installs a backdoor that has spying and data exfiltration capabilities. Xcode is comprised of a suite of free, open software development tools developed by Apple for creating software for macOS, iOS...

Security Bulletin: XcodeGhost iOS malware

Question Security Bulletin: XcodeGhost iOS malware Answer Summary A new iOS malware has been discovered which originates from a malicious version of Xcode, the Apple developer tool for creating iOS applications. The malicious Xcode was made available through a Chinese cloud service and downloaded...

132 Google Play Apps Booted For Having Malicious IFrames

Google removed 132 apps infected with malicious iFrames from its Google Play store after security researchers discovered a development platform used to create the apps was infected with malware and in turn compromised the apps. Palo Alto Networks’ Unit 42 researchers said the apps were infected...

Apple Patches Two Flaws in Xcode's Git Implementation

Apple has updated its Xcode development environment, patching two vulnerabilities in its implementation of git. Git is a version control system, and in March its handlers patched two flaws that exposed the software to remote code execution. The new version of Xcode, 7.3.1, is available for El...

XcodeGhost Malware Supports iOS9

New samples of XcodeGhost, malware targeting iOS devices, have surfaced beyond the borders of China with new support for iOS9 and obfuscation techniques making it that much harder to detect. iOS9 is only a few weeks old and included new security measures that allowed for only secure HTTPS...

XcodeGhost S: A New Breed Hits the US

Just over a month ago, iOS users were warned of the threat to their devices by the XcodeGhost malware. Apple quickly reacted, taking down infected apps from the App Store and releasing new security features to stop malicious activities. Through continuous monitoring of our customers’ networks,...

More than 250 iOS Apps Caught Using Private APIs to Collect Users' Private Data

Apple is cleaning up its iTunes App Store again – for the third time in two months – following another flood of iOS apps that secretly collect users’ personal information. Researchers discovered more than 250 iOS apps that were violating Apple's App Store privacy policy, gathering personal...

How to Protect Yourself against XcodeGhost like iOS Malware Attacks

Recently, Chinese iOS developers have discovered a new OS X and iOS malware dubbed XcodeGhost that has appeared in malicious versions of Xcode, Apple’s official toolkit for developing iOS and OS X apps. The hack of Apple’s Xcode involves infecting the compiler with malware and then passing that...

'The Hacker News' Weekly Roundup — 14 Most Popular Stories

To make the last week’s top cyber security threats and challenges available to you in one shot, we are once again here with our weekly round up. Last week, we came across lots of cyber security threats like the XCodeGhost malware in Apple’s App Store and lockscreen bypass bug in iOS 9 and iOS 9.0...

Apple's Biggest Hack Ever: 4000 Malicious iOS Store Apps Linked to CIA?

The First major cyber attack on Apple's App Store has now been linked to CIA Central Intelligence Agency. Last week, Researchers disclosed some 39 iOS apps on Apple's App Store infected by 'XCodeGhost Malware'. The Bad News is that the infection has now increased exponentially with the discovery ...

XcodeGhost Apple AppStore Malware

As more eyes peer into XcodeGhost, the malware that managed to sneak into Apple’s App Store, more trouble bubbles to the surface. Researchers at Palo Alto Networks said in an updated report that the malware contains a vulnerability that allows an attacker in man-in-the-middle position to control...

XcodeGhost iOS App Malware Contained

Concern over the so-called XcodeGhost malware has put the security of Apple’s App Store on the front page. While the App Store was not hacked, attackers did manage to append malicious code to a number of popular apps—most of those developed in China—and find a loophole in Apple’s code-scanning to...

Warning! Popular Apple Store Apps Infected with Data-Theft Malware

Unlike Google Play Store, Apple App Store is well known for not allowing any malformed apps to enter its Apple ecosystem because of its tight security checks. But, not anymore. Hundreds of malicious apps managed to get hosted on Apple's official App store and subsequently downloaded by several...

使用非官方渠道 Xcode 开发 App 造成的后门 (XcodeGhost)

经过对存在问题的应用进行 http 请求包进行抓取结果如下图 可以发现往 http://init.icloud-analysis.com 以POST的方式发送了数据, 而上述url则正是被爆出用于恶意收集用户信息的url 同时，XcodeGhost 病毒还可以在未越狱的 iPhone 上伪造弹窗进行钓鱼攻击，其生成的对话窗口仿真度非常高，很难辨别，因此用户如果在之前输入过iTunes密码，那么一定要尽快进行修改。 受影响部分应用列表： 微信IOS - 6.2.5 12306 - 2.12 滴滴出行 - 4.0.0.6 滴滴打车 - 3.9.7 高德地图 - 7.3.8 同花顺 -...