- Lyft received a whopping 7 sexual assault lawsuits in a day Wednesday 10:00 PM
- High school reopens investigation into Nazi salute video after other racist videos emerge Wednesday 7:14 PM
- Facebook content moderators continue to suffer from brutal working conditions Wednesday 5:58 PM
- #RIPReese: Man bullied for relationship with trans woman dies by suicide Wednesday 4:46 PM
- Redaction error reveals ICE is paying Palantir $49 million Wednesday 4:25 PM
- People are using social media to raise awareness about the Amazon fires Wednesday 4:24 PM
- How to watch ‘Detective Pikachu’ right now Wednesday 3:56 PM
- Walmart is suing Tesla over fires at stores with solar panels Wednesday 3:44 PM
- Jeremy Renner asks nicely for Sony to let Spider-Man back in the MCU Wednesday 2:51 PM
- The best and safest torrenting sites you should be using in 2019 Wednesday 2:47 PM
- ‘Beyoncé’s Assistant for a Day’ creator is releasing more games on storytelling app Yarn Wednesday 1:54 PM
- Why does everyone keep falling for that Instagram and Facebook hoax? Wednesday 1:46 PM
- A bunch of celebrities fell for that viral Instagram hoax Wednesday 1:17 PM
- Former Die Antwoord crew member says video shows ‘homophobic attack’ Wednesday 1:13 PM
- How to stream all the MLS Rivalry Week matches Wednesday 1:13 PM
Researchers discovered the largest-ever malware attack against the Apple App Store last week, a major security breach potentially involving hundreds of popular apps with hundreds of millions of users.
While Apple is currently engaged in a wide-ranging cleanup, the company has so far declined to give examples of major apps that were hit, provide estimates of how many apps were affected, or tell users how to determine if they’ve been affected. Apple did not respond to a request for comment.
The attack is known as XcodeGhost because it was hidden in an infected version of Xcode, an app used to develop software for Apple devices. Programmers who were hit with XcodeGhost unknowingly infected the apps they built, because they compiled those apps using infected versions of Xcode before publishing them to the App Store.
Security experts have identified dozens of infected apps, including WeChat, a popular messenger app with more than 500 million users. WinZip and Musical.ly were among the other affected apps.
The Chinese security researchers Qihoo360 reported that at least 344 apps were infected.
News of the unprecedented attack first surfaced among Chinese developers, followed by security researchers at Palo Alto Networks, who reported that XcodeGhost launched phishing attacks to steal iCloud passwords.
“Based on this new information, we believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem,” researcher Claud Xiao wrote. “The techniques used in this attack could be adopted by criminal and espionage focused groups to gain access to iOS devices.”
Photo via Scott Schiller/Flickr (CC BY 2.0)
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.