Apple’s Chinese iOS App Store has been hit with malware, and the way it got in was a clever workaround by the hackers. Apple tries very hard to lock everything down to prevent exactly this kind of thing, but it didn’t anticipate a borked copy of Xcode. Hackers were able to inject malware into dozens of iOS apps on the Chinese iOS App Store not by hacking the apps themselves, but by hacking the software used to build them: Xcode. Xcode is the developer’s friend; it’s what developers use to build iOS and OS X apps, much like Android’s development kit.
Let’s clarify something real quick before we move on: Apple’s own Xcode is perfectly safe, and the company’s download of it is malware free. Xcode is free to download from Apple and free to use as a developer. But there are other places to download Xcode, and that’s exactly where the problem started. Hackers simply downloaded Xcode from Apple, made their modifications, and uploaded the tainted version to a site where developers could download it. Why on earth developers would download Xcode from anyone but Apple is up for debate, but it happens.
Developers who downloaded the tainted Xcode and built apps with it had malware injected into those apps without ever knowing it. The developer had no clue that malware was being compiled into their apps — a unique and clever way to work around Apple’s security. It’s also important to note that only Chinese iOS App Store users are affected; there is no evidence that the tainted Xcode has been used anywhere else in the world. Wired reports the affected apps haven’t pulled much data other than the current time, the name of the device, and the network type. This could mean the hackers were still developing and testing the tainted Xcode; it’s very possible they were just testing whether it would work at all.
It’s unusual for Apple to let malware through the App Store, but no one is ever 100 percent safe, not even Apple. It’s also important for users and developers alike to understand that downloading anything from third-party sources could very well lead to exactly these kinds of outcomes. For more technical details on the tainted Xcode and which apps were affected, you can read Palo Alto Networks’ full post here.
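The practical defense for a developer is to confirm that the copy of Xcode on the build machine is the one Apple signed before building anything with it. The script below is an added example, not code from the article or from Apple or Palo Alto Networks; it wraps the Gatekeeper assessment tool `spctl` that ships with OS X (the same `spctl --assess --verbose /Applications/Xcode.app` check Apple recommended to developers at the time) and parses its verdict. A modified Xcode bundle, such as one with an altered compiler or an extra library dropped in, breaks the bundle’s code signature and is reported as rejected. The path `/Applications/Xcode.app` is the default install location and is an assumption; the sample verdict strings in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): verify that an Xcode install is Apple-signed
# before trusting it to build apps. Requires OS X / macOS with the spctl tool.
# Assumption: Xcode lives at /Applications/Xcode.app unless a path is given.

# Decide from spctl's verdict text whether the bundle is a genuine Apple-signed Xcode.
# Constructed examples of what spctl prints:
#   genuine:   "/Applications/Xcode.app: accepted"  + "source=Mac App Store" (or "source=Apple")
#   tampered:  "/Applications/Xcode.app: rejected"  + "source=no usable signature"
# A copy re-signed by someone else shows "accepted" with "source=Developer ID",
# which is NOT Apple, so it is also refused here.
xcode_verdict_ok() {
    verdict="$1"
    # 1) Gatekeeper must have accepted the bundle (signature intact, not modified).
    case "$verdict" in
        *": accepted"*) ;;
        *) return 1 ;;
    esac
    # 2) The signer must be Apple itself, not a third-party Developer ID.
    case "$verdict" in
        *"source=Mac App Store"*|*"source=Apple"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the Gatekeeper assessment against the bundle; returns 0 only for a genuine copy.
# spctl writes its verdict across stdout/stderr, so both are captured.
check_xcode() {
    path="${1:-/Applications/Xcode.app}"
    out="$(spctl --assess --verbose "$path" 2>&1)"
    xcode_verdict_ok "$out"
}

# Only attempt the live check where spctl exists (i.e. on a Mac).
if command -v spctl >/dev/null 2>&1; then
    if check_xcode "${1:-/Applications/Xcode.app}"; then
        echo "Xcode signature check: OK, bundle is Apple-signed"
    else
        echo "Xcode signature check: FAILED, do not build with this copy" >&2
    fi
fi
```

Run it as `sh check_xcode.sh` (or pass a different path as the first argument) on the build machine; a failed check means the bundle was either modified after Apple signed it or was signed by someone other than Apple, and the fix is to re-download Xcode from Apple rather than to keep building with the copy on disk.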