- Irony of Georgia’s sperm-reporting bill flies by anti-abortion advocates Thursday 7:11 PM
- Sex scandals are consuming the K-pop industry Thursday 5:44 PM
- Trump supporters are abandoning Fox News over network’s latest hire Thursday 5:20 PM
- QAnon is attacking a random woman in a disturbing and dangerous way Thursday 4:59 PM
- Google celebrates Bach with AI-powered, music-making doodle Thursday 4:53 PM
- RIP: The best free trial in all of streaming entertainment Thursday 2:19 PM
- Which ‘Florida Man’ are you? Thursday 1:06 PM
- Hundreds of millions of Facebook passwords were accessible to employees Thursday 12:55 PM
- ‘Bitch I’m Bella Thorne’ morphs into TikTok dyslexia meme Thursday 12:17 PM
- Marvel is auctioning props and costumes from Netflix’s ‘Defenders’ franchise Thursday 12:12 PM
- Net neutrality advocates plan online watch party for the ‘Save the Internet’ Act Thursday 12:01 PM
- Tim Cook turns his iPad meme into an AirPod meme Thursday 11:46 AM
- Auschwitz Memorial asks visitors to stop taking playful photos at Holocaust site Thursday 11:33 AM
- The best Korean beauty products for $15 or less Thursday 10:50 AM
- PewDiePie’s reign as the No. 1 YouTuber seems to be over Thursday 10:43 AM
Apple remains silent as major App Store malware attack infects hundreds of apps
Hundreds of millions of users are affected by this attack.
Researchers discovered the largest-ever malware attack against the Apple App Store last week, a major security breach potentially involving hundreds of popular apps with hundreds of millions of users.
While Apple is currently engaged in a wide-ranging cleanup, the company has so far declined to give examples of major apps that were hit, provide estimates of how many apps were affected, or tell users how to determine if they’ve been affected. Apple did not respond to a request for comment.
The attack is known as XcodeGhost because it was hidden in an infected version of Xcode, an app used to develop software for Apple devices. Programmers who were hit with XcodeGhost unknowingly infected the apps they built, because they compiled those apps using infected versions of Xcode before publishing them to the App Store.
Security experts have identified dozens of infected apps, including WeChat, a popular messenger app with more than 500 million users. WinZip and Musical.ly were among the other affected apps.
The Chinese security researchers Qihoo360 reported that at least 344 apps were infected.
News of the unprecedented attack first surfaced among Chinese developers, followed by security researchers at Palo Alto Networks, who reported that XcodeGhost launched phishing attacks to steal iCloud passwords.
“Based on this new information, we believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem,” researcher Claud Xiao wrote. “The techniques used in this attack could be adopted by criminal and espionage focused groups to gain access to iOS devices.”
Photo via Scott Schiller/Flickr (CC BY 2.0)
Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.