'Apple's App Store infected with XcodeGhost malware in China' diff viewer (1/2)

This article is from the source 'bbc' and was first published or seen on September 21, 2015 03:48 (UTC). It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.bbc.co.uk/news/technology-34311203

The article has changed 5 times. There is an RSS feed of changes available.

Previous version 1 2 3 4 Next version

Version 1	Version 2
~~Apple's App Store hit by malware attack in China~~	Apple's App Store infected with malware in China
2015-09-21 06:46:16 UTC	2015-09-21 08:46:09 UTC (about 2 hours later)
~~Apple has said it is taking steps to remove a malicious ~~program~~ ~~found~~ in a number of ~~applications~~ used by ~~owners~~ of iPhones and iPads in China.~~	Apple has said it is taking steps to remove malicious code added to a number of apps commonly used on iPhones and iPads in China.
It is thought to be the first large-scale attack on Apple's App Store.	It is thought to be the first large-scale attack on Apple's App Store.
The US ~~tech~~ ~~giant~~ ~~said~~ hackers had ~~embedded~~ a ~~malicious~~ ~~code~~ ~~into~~ ~~the~~ ~~apps~~ by ~~persuading~~ ~~developers~~ to ~~use~~ a counterfeit version of ~~the~~ ~~firm's~~ ~~own~~ ~~software.~~	The hackers had created a counterfeit version of Apple's software for building iOS apps, which it persuaded developers to download.
~~The~~ ~~program~~ ~~called~~ ~~XcodeGhost~~ ~~allows~~ ~~hackers~~ to ~~collect~~ data ~~from~~ ~~devices.~~	Apps compiled using the software could steal data about the users and send it to servers controlled by the hackers.
~~The~~ infected ~~applications~~ ~~include~~ ~~many~~ ~~used~~ by ~~iPhone~~ ~~and~~ ~~iPad~~ owners in ~~China~~ ~~such~~ as ~~Tencent's~~ ~~hugely~~ ~~popular~~ ~~WeChat~~ ~~app,~~ a ~~music~~ ~~downloading~~ ~~app~~ and an ~~Uber-like~~ ~~car~~ ~~hailing~~ ~~app.~~	In addition, the attackers could send fake alerts to infected devices to trick their owners into revealing passwords and other information.
~~A ~~spokeswoman~~ ~~said~~ ~~the~~ ~~apps~~ ~~had~~ ~~now~~ ~~been~~ ~~removed.~~~~	The infected applications includes Tencent's hugely popular WeChat app, a music downloading app and an Uber-like car hailing app.
~~"We've~~ ~~removed~~ the apps ~~from~~ the ~~App~~ ~~Store~~ ~~that~~ we ~~know~~ ~~have~~ ~~been~~ ~~created~~ ~~with~~ ~~this~~ ~~counterfeit~~ ~~software,"~~ ~~Apple~~ ~~spokeswoman~~ ~~Christine~~ ~~Monaghan~~ ~~said~~ in an ~~email.~~	Some of the affected apps - including the business card scanner CamCard - are also available outside China.
~~"We~~ ~~are~~ ~~working~~ ~~with~~ ~~the~~ ~~developers~~ to ~~make~~ ~~sure~~ ~~they're~~ using the ~~proper~~ ~~version~~ of ~~Xcode~~ to ~~rebuild~~ ~~their~~ ~~apps."~~	An Apple spokeswoman said apps created using the counterfeit software, XcodeGhost, had now been removed from the App Store.
~~'No~~ ~~data~~ ~~theft'~~	"We are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps," said Christine Monaghan.
On ~~its~~ ~~official~~ ~~WeChat~~ ~~blog,~~ ~~Tencent~~ ~~said~~ ~~that~~ ~~the~~ ~~security~~ ~~issue~~ ~~affects~~ an ~~older~~ ~~version~~ of ~~the~~ ~~app~~ - ~~WeChat~~ ~~6.2.5~~ ~~and~~ ~~the~~ ~~newer~~ ~~versions~~ ~~were~~ ~~not~~ ~~impacted.~~	Analysis: Dave Lee, North America technology reporter
	In Apple's walled garden App Store, this sort of thing shouldn't happen.
	The company goes to great lengths, and great expense, to sift through each and every submission to the store. Staff check for quality, usability and, above all else, security.
	The Apple App Store is generally considered a safe haven as the barrier to entry is high - there's only been a handful of instances of malware found on iOS apps, compared to Google's Play store which for a while was regarded as something of a "Wild West" for apps (until they introduced their own malware-scanning system too).
	It makes this attack all the more surprising, as it looks like two groups of supposedly informed people have been caught out.
	Firstly developers, who security researchers say were duped into using counterfeit software to build their apps, creating the right conditions for the malware to be applied.
	And secondly, Apple's quality testers, who generally do a very good job in keeping out nasties, but in this case couldn't detect the threat.
	Follow Dave Lee on Twitter @DaveLeeBBC
	On its official WeChat blog, Tencent said the security issue affects an older version of the app - WeChat 6.2.5 and the newest versions were not impacted.
It added that an initial investigation showed that no data theft or leakage of user information had occurred.	It added that an initial investigation showed that no data theft or leakage of user information had occurred.
~~~~Cyber~~ ~~security~~ firm Palo Alto Networks said on Friday that potentially hundreds of millions of users were impacted by the infected apps.~~	Cybersecurity firm Palo Alto Networks said on Friday that potentially hundreds of millions of users were impacted by the infected apps.
"We believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple's code review and made unprecedented attacks on the iOS ecosystem," the firm said on its website.	"We believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple's code review and made unprecedented attacks on the iOS ecosystem," the firm said on its website.
But Wee Teck Loo, head of consumer electronics at market research firm Euromonitor ~~International~~ said he ~~does~~ not ~~see~~ ~~any~~ major impact on the sale of Apple ~~products~~ ~~despite~~ ~~the~~ ~~presence~~ of ~~this~~ ~~malware.~~	But Wee Teck Loo, head of consumer electronics at market research firm Euromonitor International, said he did not forecast a major impact on the sale of Apple products.
"It is definitely embarrassing for Apple but the reality is that malware is a persistent problem since the days of PCs and the problem will multiply as the number of mobile devices explodes from 1.4 billion units in 2015 to 1.8 billion in 2020," he told the BBC.	"It is definitely embarrassing for Apple but the reality is that malware is a persistent problem since the days of PCs and the problem will multiply as the number of mobile devices explodes from 1.4 billion units in 2015 to 1.8 billion in 2020," he told the BBC.
In fact, consumers are less cautious on mobile devices than on PCs, he added.	In fact, consumers are less cautious on mobile devices than on PCs, he added.
"In emerging markets like China or Vietnam, mobile devices are their first connected product and security is taken for granted," he said.	"In emerging markets like China or Vietnam, mobile devices are their first connected product and security is taken for granted," he said.
~~"Consumers in emerging markets are also less protective of privacy and security issues," ~~said~~ Mr Wee.~~	"Consumers in emerging markets are also less protective of privacy and security issues," added Mr Wee.
Earlier this month, login names and passwords for more than 225,000 Apple accounts were stolen by cyber-thieves in China.	Earlier this month, login names and passwords for more than 225,000 Apple accounts were stolen by cyber-thieves in China.
~~It was uncovered by security firm Palo Alto Networks while investigating suspicious activity on many Apple devices. It found a malicious software family that targets ~~unlocked~~ iPhones.~~	It was uncovered by security firm Palo Alto Networks while investigating suspicious activity on many Apple devices. It found a malicious software family that targets jailbroken iPhones.
The majority of people affected were in China.	The majority of people affected were in China.

Previous version 1 2 3 4 Next version