![]() → You can see where this is going: developers with sloppy security practices, such as using illegally-acquired software of unvetted origin for production builds, turned into iOS malware generation factories for the crooks behind XcodeGhost. ![]() Instead of directly affecting the developer’s computer, the booby-trapped Xcode, dubbed XcodeGhost, indirectly infected iOS apps when they were compiled. The secret sauce was very different from the usual sort of malware we find stuffed into pirated apps.The cooked version was, in fact, downright crooked, because the hackers mixed in some “secret sauce” with their locally-sourced download.Xcode is free, so a pirated version sounds pointless, but the theory seems to be that the cooked version was available locally from Chinese servers and was therefore promoted as faster and easier to download. Chinese cybercriminals produced a “cooked” remix of Apple’s Xcode development toolkit, a multi-gigabyte download that you usually get from the App Store.In a nutshell, here’s what seems to have happened: When Palo Alto began to unravel the how, to go with the what and the when, things quickly got interesting. This malware not only sailed past Apple’s security vetting process, but also originated from software vendors you wouldn’t expect to be involved in malware creation and distribution. That changed a few days ago, when Palo Alto networks published a series of articles about malware that had shown up in the App Store. ![]() ![]() Until now, the App Store has been to the malware scene what the planet Earth was to Douglas Adams’s HHGttG: Mostly harmless. You’ve probably read all sorts of to-and-fro about Apple’s App Store this week. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |