XcodeGhost (and its variant XcodeGhost S) are modified versions of Apple's Xcode development environment that are considered malware.[1] The software first gained widespread attention in September 2015, when a number of apps originating from China were found to harbor the malicious code.[2] The BBC described it as the "first large-scale attack on Apple's App Store".[3] The problem was first identified by researchers at Alibaba, a leading e-commerce firm in China.[4] According to FireEye, over 4,000 apps were infected, far more than the 25 initially acknowledged by Apple,[5] including apps from authors outside China.

Security firm Palo Alto Networks surmised that, because network speeds were slower in China, developers in the country looked for local copies of Xcode and obtained altered versions that had been posted on domestic web sites. This opened the door for the malware to be inserted into high-profile apps used on iOS devices.[6][7]

Even two months after the initial reports, FireEye reported that hundreds of enterprises were still using infected apps and that XcodeGhost remained "a persistent security risk".[8][9] The firm also identified a new variant of the malware, which it dubbed XcodeGhost S; among the apps found to be infected were the popular messaging app WeChat and NetEase's Music 163 app.[10]

On September 16, 2015, a Chinese iOS developer mentioned[11] on the social network Sina Weibo that malware in Xcode was injecting third-party code into apps compiled with it.

Alibaba researchers then published[12] detailed information on the malware and called it XcodeGhost.

On September 17, 2015, Palo Alto Networks published several reports on the malware.[13][14][15][16]

Because of the slow download speed from Apple's servers, Chinese iOS developers would download Xcode from third-party websites such as Baidu Yun (now called Baidu WangPan), a cloud storage service hosted by Baidu, or obtain copies from co-workers. Attackers took advantage of this by distributing compromised versions of Xcode on such file-hosting sites.[17]

Palo Alto Networks suspects that the malware was available in March 2015.[16]

The attacker used a compiler backdoor attack: rather than tampering with any individual app, the Xcode toolchain itself was modified so that every app built with it was compromised without any change to the app's source code. The novelty of this attack is the modification of the Xcode compiler in the wild; the idea itself was not new. According to documents leaked by Edward Snowden, security researchers from Sandia National Laboratories working with the CIA claimed that they "had created a modified version of Apple's proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool."[18]

Known versions of XcodeGhost add extra files[13] to the original Xcode application:

XcodeGhost also modified the linker step so that the malicious files[16] were linked into every app compiled with the tampered Xcode. This extra link input is recorded in the build log, but nothing in the Xcode IDE itself indicates it.
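Because the injected link input is visible only in the build log, one practical check is to audit xcodebuild logs for linker inputs the project did not configure. The following is an added example written for this article; it is not code from the page or from Palo Alto Networks, FireEye or Alibaba. The log lines are constructed, the project paths are assumptions, and the name of the injected file is modelled on the published analyses rather than taken from the page, so it should be read as an illustration of the technique, not as a verified indicator.

```python
"""Audit xcodebuild link steps for object code the project never asked for.
Added example, not code from the page or from any firm it cites. The log below
is constructed; the injected file name is an assumption modelled on published
XcodeGhost analyses, not a verified indicator of compromise."""
import shlex
from dataclasses import dataclass, field

# Assumed locations of a legitimately built app's own link inputs (a real
# project would take these from its build settings, e.g. SRCROOT and OBJROOT).
PROJECT_ROOTS = ("/Users/dev/Demo/",
                 "/Users/dev/Library/Developer/Xcode/DerivedData/Demo-")
LINKER_BASENAMES = ("clang", "clang++", "ld")


@dataclass
class LinkStep:
    output: str = ""
    objects: list = field(default_factory=list)       # bare .o inputs
    force_loaded: list = field(default_factory=list)  # -force_load targets
    frameworks: list = field(default_factory=list)    # -framework names
    all_load: bool = False


def _linker_view(argv):
    """Flatten -Xlinker X and -Wl,a,b so a flag reads the same however spelled."""
    out = []
    for tok in argv:
        if tok == "-Xlinker":
            continue  # the next token is handed to ld unchanged
        if tok.startswith("-Wl,"):
            out.extend(tok[len("-Wl,"):].split(","))
        else:
            out.append(tok)
    return out


def parse_link_steps(log):
    """One LinkStep per linker invocation in an xcodebuild log.
    Objects listed only through -filelist are not expanded here."""
    steps = []
    for line in log.splitlines():
        line = line.strip()
        if not line.startswith("/"):
            continue  # 'Ld ...', 'cd ...', 'export ...' are not the invocation
        argv = _linker_view(shlex.split(line))
        tool = argv[0].rsplit("/", 1)[-1] if argv else ""
        if tool not in LINKER_BASENAMES or "-o" not in argv or "-c" in argv:
            continue  # not a link step (compile-only steps carry -c)
        step, i = LinkStep(), 1
        while i < len(argv):
            tok = argv[i]
            nxt = argv[i + 1] if i + 1 < len(argv) else ""
            if tok == "-o":
                step.output = nxt
            elif tok == "-force_load":
                step.force_loaded.append(nxt)
            elif tok == "-framework":
                step.frameworks.append(nxt)
            elif tok == "-all_load":
                step.all_load = True
            elif not tok.startswith("-") and tok.endswith(".o"):
                step.objects.append(tok)
            i += 2 if tok in ("-o", "-force_load", "-framework") else 1
        steps.append(step)
    return steps


def audit_link_step(step, project_roots=PROJECT_ROOTS):
    """Findings for inputs that force code into the binary from outside the
    project tree. -framework names resolve from the SDK and are not flagged."""
    findings = []
    if step.all_load:
        findings.append("-all_load: every member of every archive is linked in")
    for path in step.force_loaded:
        if not path.startswith(project_roots):
            findings.append(f"-force_load from outside the project tree: {path}")
    for obj in step.objects:
        if not obj.startswith(project_roots):
            findings.append(f"object file from outside the project tree: {obj}")
    return findings


# Constructed log: a clean Debug link, then a Release link carrying an injected
# -force_load of the shape XcodeGhost added (file name assumed, see above).
DERIVED_DATA = "/Users/dev/Library/Developer/Xcode/DerivedData/Demo-abcd/Build"
XCODE = "/Applications/Xcode.app/Contents/Developer"
SDK = f"{XCODE}/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS9.0.sdk"
CLANG = f"{XCODE}/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang"
SAMPLE_LOG = f"""\
Ld {DERIVED_DATA}/Products/Debug-iphoneos/Demo.app/Demo normal arm64
    cd /Users/dev/Demo
    {CLANG} -arch arm64 -isysroot {SDK} -filelist {DERIVED_DATA}/Intermediates/Demo.LinkFileList -Xlinker -objc_abi_version -Xlinker 2 -fobjc-arc -framework UIKit -framework Foundation -o {DERIVED_DATA}/Products/Debug-iphoneos/Demo.app/Demo
Ld {DERIVED_DATA}/Products/Release-iphoneos/Demo.app/Demo normal arm64
    cd /Users/dev/Demo
    {CLANG} -arch arm64 -isysroot {SDK} {DERIVED_DATA}/Intermediates/Objects-normal/arm64/main.o -force_load {SDK}/System/Library/Frameworks/CoreServices.framework/CoreService -framework UIKit -framework Foundation -o {DERIVED_DATA}/Products/Release-iphoneos/Demo.app/Demo
"""

if __name__ == "__main__":
    for step in parse_link_steps(SAMPLE_LOG):
        for finding in audit_link_step(step):
            print(step.output, finding, sep="\n  ! ")
```

Run against a real log, the scanner would be fed the output of `xcodebuild` and the project's own source and build roots; the point of `_linker_view` is that `-force_load`, `-Xlinker -force_load` and `-Wl,-force_load,...` all spell the same linker input and must be normalised before comparison. The check is deliberately narrow: it flags object code the project did not supply, which is what a tampered toolchain adds, and does not attempt to judge SDK frameworks referenced by name.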

