The App Store was hit hard. It just experienced its worst security breach ever, because hackers managed to fool legitimate developers into using a hacked, tainted version of Xcode, Apple's software development kit for creating iOS and Mac apps.
Last week security researchers from Palo Alto Networks discovered that 39 iPhone and iPad apps were infected with malware, potentially impacting hundreds of millions of unsuspecting users. Among the infected apps (including IMs, banking apps, mobile carrier's app, maps, stock trading apps, SNS apps and games) were also WeChat, and the Chinese mobile messaging app, which is used by 600 million people, media reports.
Researchers discovered that the malicious code is capable of receiving commands from the attacker through the C2 server to perform the following actions:
- Prompt a fake alert dialog to phish user credentials;
- Hijack opening specific URLs based on their scheme, which could allow for exploitation of vulnerabilities in the iOS system or other iOS apps;
- Read and write data in the user's clipboard, which could be used to read the user's password if that password is copied from a password management tool.
Below you can find a list of 85 apps, that were infected with malicious software codes (media reports claim that there are more than infected 300 apps; if you are using them, uninstall them until it is safe to use them again):
Angry Birds 2
China Unicom Mobile Office
CITIC Bank move card space
High German map
Hot stock market
I called MT
I called MT 2
Medicine to force
Quick asked the doctor
Stocks open class
Telephone attribution assistant
The driver drops
Three new board