Apple's App Store in China infected with CIA code?


posted on Sep, 21 2015 @ 06:41 PM
Another hacking story makes the news, this one with a bit of a twist.

Apple's App Store infected with XcodeGhost malware in China


Apple has said it is taking steps to remove malicious code added to a number of apps commonly used on iPhones and iPads in China.

It is thought to be the first large-scale attack on Apple's App Store.

The hackers created a counterfeit version of Apple's software for building iOS apps, which they persuaded developers to download. Apps compiled using the tool allow the attackers to steal data about users and send it to servers they control.

Cybersecurity firm Palo Alto Networks - which has analysed the malware dubbed 'XcodeGhost'




Developers targeted

The malware was initially flagged by researchers at the Chinese e-commerce firm Alibaba.

It discovered that the hackers had uploaded several altered versions of Xcode - a tool used to build iOS apps - to a Chinese cloud storage service.

Then, about six months ago, the attackers posted links to the software on several forums commonly visited by Chinese developers.


Interesting stuff, but it says nothing about the CIA, right? Well here comes the bit of a twist...

About six months ago I read an article on Glenn Greenwald's The Intercept about the activities of the CIA -

ispy - cia campaign to steal apples secrets



RESEARCHERS WORKING with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept.

The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,”...

The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool.

The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices.

Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.”

It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.


So, now we know how intelligence agencies would get developers to use the poisoned version of Xcode - post links on the internet.

The exact thing the CIA was attempting to do appeared online around the same time that the article was released. And it just happens to have been targeting a country that Washington doesn't like.

Make of that what you will.

OH


More info:
Malware XcodeGhost Infects 39 iOS Apps, Including WeChat, Affecting Hundreds of Millions of Users

Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store

Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps
edit on 21-9-2015 by OratoryHeist because: extra links to Palo Alto Networks



posted on Sep, 21 2015 @ 06:45 PM
I don't get it? If the CIA wants to break Apple's encryption, why don't they ask the NSA?

I operate under the assumption that any encryption (with enough money and resources) can be broken. I would never fool myself into believing anything digital is ever truly "secure".
edit on 21-9-2015 by MystikMushroom because: (no reason given)



posted on Sep, 21 2015 @ 06:51 PM

originally posted by: MystikMushroom
I don't get it? If the CIA wants to break Apple's encryption, why don't they ask the NSA?

I operate under the assumption that any encryption (with enough money and resources) can be broken. I would never fool myself into believing anything digital is ever truly "secure".


You must read quickly.


Have a read through the articles. The modification of Xcode does more than break encryption. It allows various bits of information to be collected from the device and then it sends that information to a command and control server.



posted on Sep, 21 2015 @ 06:55 PM
Since the attack was in China, it sounds more like the hackers were interested in getting logins from the Chinese.

And I wouldn't put it past the Chinese government being behind this either. Getting logins in order to fish out dissenters.



posted on Sep, 21 2015 @ 07:46 PM

originally posted by: MystikMushroom
I don't get it? If the CIA wants to break Apple's encryption, why don't they ask the NSA?

I operate under the assumption that any encryption (with enough money and resources) can be broken. I would never fool myself into believing anything digital is ever truly "secure".


Well, if you want to keep decrypting Apple's stuff, all you would have to do is let Apple and its users think they can't decrypt the information and that's why they are making it public and throwing money at it. It's a disinformation game.

Cheers - Dave



posted on Sep, 22 2015 @ 03:59 AM
Another hacking story makes the news, this one with a bit of a twist.




Apple's App Store infected with XcodeGhost malware in China


What one has to bear in mind at all times with stories about who is and who isn't corrupting code, putting back doors in etc and etc in China, is that the problem would never have arisen at all had the US not offshored American jobs to China during the 1970's and 80's.

Some may recall that super secret object came down in Iran and it was widely suspected that China put a back door into the componentry and brought it down in Iran who promptly handed it back to the Chinese.

Because the US offshored American industry to China, they have no one bar themselves to blame for such events. This is occurring because of their very short-sighted approach to policy just like it is in other areas.

The US is merely reaping what it sowed, nothing less.



posted on Sep, 22 2015 @ 09:47 AM
The article is 3 years old. It is just as likely that Chinese hackers read the article and had the means to pull it off.

I doubt the CIA would have benefited from rogue hackers getting their job done. I mean, it's Apple anyway. What are you gonna get. Someone's Snapchat and Zello records. If they wanted the real meat, they'd go after Android.




posted on Sep, 22 2015 @ 01:47 PM

originally posted by: sn0rch
The article is 3 years old. It is just as likely that Chinese hackers read the article and had the means to pull it off.


The articles are from this year. But thanks for your contribution.



posted on Sep, 22 2015 @ 01:57 PM
I just think it's foolish to believe any electronic method of communication is secure, ever.



posted on Sep, 22 2015 @ 02:39 PM
a reply to: MystikMushroom

Totally agree. I know mine has been monitored, might still be.


