Malicious code sneaks through App Store’s defenses

Usually when you hear about malicious applications, it’s a case of hackers evading Google Play’s defenses. But it was recently discovered thousands of App Store apps have potential security flaws. 

The problem lies in the software development environment XCode. But a malicious version of XCode, dubbed XCodeGhost, has been found to have a malicious backdoor installed in it, according to Appthority.

This code, which was pushed out through online forums, has infected hundreds of apps which made it past Apple’s screening process to wind up in the App Store.

What it does

The code itself is surprisingly low-key. The malicious code has two main security risks:

  • it sends device information and app status notifications to a third-party server, and
  • it is able to open a URL.

According to Appthority, these risks may not quite rise to the level of malware. But it easily could have:

“Given our risk analysis results of infected apps regarding their actual behavior, we feel that “AdWare” might be a more appropriate classification rather than malicious “malware”. It would have been easy to add more harmful behaviours to the code and we might see that in the future, but the author of XCodeGhost chose not to implement them in the versions we analyzed.”

Apps may never be completely safe

The standard advice for mobile devices is to stick to trusted app stores. And while third-party app stores are generally questionable and shady, that isn’t a guarantee that Google Play and the App Store will be completely safe.

For the time being, keeping devices on their most up-to-date iOS versions is probably your best bet (though Apple is generally good at getting users to do that anyway).

In the future, however, BYOD policies may require more than the standard advice to avoid risky app stores. If attackers want it bad enough, any store, site or device can be at risk.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy