Hackers Infiltrated Apple's App Store

Apple confirmed on Sunday that hackers infected nearly 40 apps sold in the App store with malware, potentially affecting hundreds of millions of users. This is a big deal. Rather than creating malicious apps that might not pass Apple’s approval protocols to get into the App store, the hackers behind the attack used a developer tool called Xcode to tamper with and insert malicious code into the dozens of legitimate apps. Palo Alto Networks, an online security firm, investigated the malicious code—known as XcodeGhost Malware—and found that it prompts users to enter credentials, reads and writes in users’ clipboard and opens particular URLs to further infect users’ devices,according to a company blog post. “I think this is a wakeup call. I think this is a wakeup call both for enterprises and individual users that given the popularity of mobile devices and the broad usage across both enterprises and consumers that hackers are going to go after all those individuals holding those devices,” Gary Steele, the CEO of Proofpoint Inc., a cybersecurity company that specializes in protecting companies from social media, email and mobile based threats. While some reports peg the number of infected apps to be as high as more than 300, the 39 apps Apple confirmed affected by the malware include a handful of the most popular apps in China, according to The New York Times. Messaging app WeChat, business card scanner app CamCard and the ride hailing app Didi Kuaidi are among those impacted. According to Steele, the easiest way for hackers to get to a user is through applications and both enterprises and individuals need to be aware of the risk associated with what people download on mobile devices as they become more and more ubiquitous.

Hackers Infiltrated Apple's App Store

Apple confirmed on Sunday that hackers infected nearly 40 apps sold in the App store with malware, potentially affecting hundreds of millions of users. This is a big deal. Rather than creating malicious apps that might not pass Apple’s approval protocols to get into the App store, the hackers behind the attack used a developer tool called Xcode to tamper with and insert malicious code into the dozens of legitimate apps. Palo Alto Networks, an online security firm, investigated the malicious code—known as XcodeGhost Malware—and found that it prompts users to enter credentials, reads and writes in users’ clipboard and opens particular URLs to further infect users’ devices,according to a company blog post. “I think this is a wakeup call. I think this is a wakeup call both for enterprises and individual users that given the popularity of mobile devices and the broad usage across both enterprises and consumers that hackers are going to go after all those individuals holding those devices,” Gary Steele, the CEO of Proofpoint Inc., a cybersecurity company that specializes in protecting companies from social media, email and mobile based threats. While some reports peg the number of infected apps to be as high as more than 300, the 39 apps Apple confirmed affected by the malware include a handful of the most popular apps in China, according to The New York Times. Messaging app WeChat, business card scanner app CamCard and the ride hailing app Didi Kuaidi are among those impacted. According to Steele, the easiest way for hackers to get to a user is through applications and both enterprises and individuals need to be aware of the risk associated with what people download on mobile devices as they become more and more ubiquitous.