Apple’s Malware Attack Holds Lesson for Devs


Over the weekend, Apple announced that it was removing apps infected with malware from its App Store.

Apple’s App Store is popularly regarded as less malware-prone than its Android-based equivalents, which makes the security breach something of a news event. According to Apple, the infection stems from developers using counterfeit versions of Xcode, the company’s software platform for creating iOS and Mac OS X apps.

The malware in question, identified by security experts as XcodeGhost, pries personal information from device owners by sending fake alerts; it can also manipulate information stored on infected devices’ clipboards.

“Additionally, according to one developer’s report, XcodeGhost has already launched phishing attacks to prompt a dialog asking victims to input their iCloud passwords,” read a Sept. 18 posting from Palo Alto Networks, a firm that analyzed the malware. “Based on this new information, we believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem.”

The posting provides a thorough breakdown of the malware’s code, showing exactly how it carries out its nasty work. Palo Alto Networks found that the malware has infected 39 iOS apps, “potentially impacting hundreds of millions of users.”

For developers, the lesson of this seems pretty clear: While it might prove tempting at moments to download tools from unverified sources (especially if it means you don’t need to pay licensing or subscription costs), it’s a habit that can just as easily cause you a lot of pain in the long run.