The XcodeGhost malware attack that allegedly affected 128 million iOS users is an excellent illustration of the kind of sophisticated attack all users should get ready to defend against as platforms become inherently more secure.

Designer label malware

XcodeGhost was a clever attack: a malware-infested copy of Xcode, made available via websites targeting Chinese developers. Developers in the region downloaded it because it was easier to obtain than the genuine tool, since local networks were unreliable.

Software built using these copies of Xcode was injected with malware, but at such a low level and so far behind Apple’s perimeter level of trust that many subverted apps made it past the App Store review process. And so the infection wormed its way into more than 4,000 apps, and onto the devices of millions of users.

Previously confidential internal Apple emails revealed in a recent court case suggested that roughly 128 million customers wound up being affected.

More recently, we saw a similar attempt to seed developers with subverted versions of Xcode called XcodeSpy. And last year, we saw an attempt to infect the Apple ecosystem using GitHub repositories as vessels for bandit code.

There have also been attempts to exploit iOS vulnerabilities to stage man-in-the-middle attacks in which hackers hijack communications between managed iOS devices and MDM solutions.

Copyright © 2021 IDG Communications, Inc.