Posted by: David Harley | November 9, 2015

XcodeGhost: malware not just for Halloween

As I previously observed in a post commenting on FireEye’s commentary, apps haunted by the presence of XcodeGhost are still with us. Paul Ducklin’s blog for NakedSecurity – Apple’s XcodeGhost malware still in the machine… – takes a slightly different angle, drawing parallels with Stuxnet and with the Induc epidemic of 2009.

There is indeed a similarity: as I wrote at that time:

[An Induc infection] means that the file contains a piece of code that includes routines to modify files belonging to the Delphi development tool and thereafter, all applications compiled using Delphi will also contain the virus.

The NakedSecurity article summarizes the somewhat analogous way in which XcodeGhost compromises applications generated with the ‘cooked’ version of the Xcode development toolkit, and reinforces the message that there are likely to be compromised apps out there even after Apple removed known-compromised programs from the App Store. It also gives some sound advice for developers on not blindly trusting third-party libraries and not scorning the use of anti-malware apps. Apple has all but killed off anti-malware products for iOS, but the critical point here is that (as Paul puts it) we’re talking about

Apple Mac malware that was specially created by crooks in China to create iOS malware.
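Since the whole problem is a development toolchain that quietly injects code into everything it compiles, the practical check for a developer is to confirm that the Xcode they are building with is Apple’s signed copy. The script below is an added example, not part of this post or of Apple’s own tooling: it wraps the Gatekeeper assessment (`spctl --assess --verbose`) and separates the accept/reject decision from the call so the logic can be checked against captured output. The two sample output strings in the test are constructed; the `source=` values treated as trustworthy are those Apple published for genuine Xcode copies (Mac App Store, Apple, Apple System).

```shell
#!/bin/sh
# Added example: decide whether a Gatekeeper assessment of Xcode.app indicates
# an Apple-signed copy. Gatekeeper prints two lines, e.g.
#   /Applications/Xcode.app: accepted
#   source=Mac App Store
# A copy re-packaged by a third party will either be rejected outright or be
# accepted with a non-Apple source (such as "source=Developer ID"), and both
# cases are treated as untrusted here.

# Returns 0 only when the app is accepted AND the signing source is Apple's.
classify_spctl_output() {
  out="$1"
  case "$out" in
    *": accepted"*) ;;
    *) echo "REJECT: not accepted by Gatekeeper"; return 1 ;;
  esac
  case "$out" in
    *"source=Mac App Store"*|*"source=Apple"*)
      echo "OK: Apple-signed Xcode"; return 0 ;;
    *) echo "REJECT: accepted, but signing source is not Apple"; return 1 ;;
  esac
}

# Runs the real assessment on macOS. Assumes spctl is on PATH (it ships with
# macOS); on other systems it reports that the check could not run.
check_xcode() {
  app="${1:-/Applications/Xcode.app}"
  if ! command -v spctl >/dev/null 2>&1; then
    echo "spctl not available (not macOS?)"; return 2
  fi
  result=$(spctl --assess --verbose "$app" 2>&1)
  classify_spctl_output "$result"
}
```

Run `check_xcode` (or `check_xcode /path/to/Xcode.app`) on the build machine; anything other than "OK" means the toolchain should be replaced with a fresh download from Apple before it is used to ship anything.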

David Harley