apple-security

A few dozen iPhone and iPad applications, most of them developed for China, have been infected with XcodeGhost, a malware that collects information on the devices and uploads that data to remote servers.

Among them is WeChat, one of the most popular instant messaging applications in the world.

Rather than exploit an iOS vulnerability, the malware in question sneaks its way into apps indirectly, by targeting Apple’s official compilers used to create legitimate apps. The malware was found to inject its malicious code into a Mach-O object file that was repackaged into some versions of Xcode, Apple’s official tool for developing iOS and OS X apps.

These Trojanized Xcode installers were then uploaded to Baidu’s cloud file sharing service used by Chinese app developers, explains Palo Alto Networks. The malicious code then inserts itself into any iOS app compiled with the infected Xcode without the developers’ knowledge.

It’s not Apple’s fault, really: this would have never happened had these developers downloaded Xcode files directly from Apple. Baidu has since removed all of the infected files from its servers and some of the infected apps have since removed the malware code in their latest builds.

This is the sixth malware that has made it through to the official App Store after LBTM, InstaStock, FindAndCall, Jekyll and FakeTor.

XcodeGhost’s malicious code isn’t particularly harmful so this explains why it can pass the App Store screening process. Apps infected with XcodeGhost collect the following data from users’ devices:

  • Current time
  • Current infected app’s name
  • The app’s bundle identifier
  • Current device’s name and type
  • Current system’s language and country
  • Current device’s UUID
  • Network type

But why on Earth would a legitimate iOS developer download the official Xcode files from a non-Apple source, you ask. Blame it on slow download speeds in China and in some other places around the world.

“Sometimes network speeds are very slow when downloading large files from Apple’s servers,” Palo Alto Networks explains. “As the standard Xcode installer is nearly 3GB, some Chinese developers choose to download the package from other sources or get copies from colleagues.”

In addition, attackers do not need to trick developers into downloading untrusted Xcode packages. Instead, they can “write an OS X malware that directly drops a malicious object file in the Xcode directory without any special permission.”

While WeChat 6.2.5 has been verified to be infected, its developer has since bumped the app to version 6.2.6, removing the malicious code.

All told, the publication has identified as many as 39 popular iOS apps as being infected, “some of which are extremely popular in China and in other countries around the world, comprising hundreds of millions users.”

Trojanized apps range from instant messaging software, banking and carrier apps, mapping programs, stock trading apps and games. With the exception of WeChat, most, if not all of the infected apps are made for China, including Didi Chuxing, Railway 12306, Tonghuashun and China Unicom Mobile Office, the official app of the biggest mobile carrier in China, China Mobile.

Some are also available from the App Store in other countries, such as CamCard, a business card reader and scanner.

Again, this type of malware seems to be mostly targeting apps developed for the Chinese market. But as certain apps written by Chinese developers gain in popularity around the world (we’re looking at you, WeChat!), iPhone and iPad users should be aware of this new type of malware infection, even if there’s nothing they can do about it.

Developers should ensure to download Xcode directly from Apple and avoid using Xcode builds downloaded from third-party sources that may have been infected by this malware. As an additional precaution, developers should regularly check their installed Xcode’s code signing integrity to prevent Xcode from being modified by other OS X malware.

Source: Palo Alto Networks

  • Роман Жихаревич

    And the question is, why Apple did not notice that apps contain malicious code?

    • Regular apps collect those information as well, so it is impossible to tell whether they are injected by malicious Xcode or they are simply using the same library.

    • Jake Dai

      Said in the article, those codes are not that malicious and harmful to be rejected by Apple. At least that’s what I thought..

    • Bugs Bunnay

      if said app does not upload porn to your device or run emulators then it passes their screening process.

  • China Unicom is the second largest carrier in China.

    • Shinonuke

      Good to know

  • John Wickham

    While it’s troubling that this is happening at all, it’s good to know that the information collected isn’t overly private (no addresses or phone numbers or the like).

    • TwoSim

      it also said that it will pop up a windows and ask you input your password sometimes. i have met this a lot of times. [ the download speed is slow was also biz the GFW ]

  • Manuel Molina

    See, should have download your app from AppCake then. 🙂

    • Apps infected with this malware in the AppStore that were instead downloaded from AppCake would still have contained the malware.

      • Manuel Molina

        I know, I was just being dumb. You do have a high chance of getting something through AppCake anyways. The amount of links they make you click just for the app itself is a lot to make any one consider.

  • Xee

    Off-topic but does anyone know how to import an Audiobook (mp3) into iBooks, only using a jailbroken iPhone (no PC or iTunes)? I have looked at Safari Download Manager and Bridge – but they don’t seem to be able.

  • FrankensteinBlack

    Jailbreak + Firewall-IP + PMP + UHB = A big chuckle at that slopey malware!

  • Haha, and there’s no way of scanning your I device to check if you’re infected…

    • you’ve been waiting for this a very long time lol.

      • It’s just another proof of what those with at least half a brain have been saying for over a decade; there’s no cure for the PEBCAK malware, learn to think before you click and you’ll be safe…I’m always happy when examples of that same message from over decade ago surface.

        Sadly, iSheeps and MacTards have been denying reality, and you can still see some of them bahing in denial in response comments until it happens to them…can’t cure extreme stupidity, so, let them bah in peace.

      • rockdude094

        Relax bro..

      • Indeed most are in denial, but thats because they don’t know enough to realize that no OS is safe. Everything can get infected but for the most part it just hasn’t happened yet.

      • Alberto Espinal

        The only difference is that this gets patched right away and your Android device have to wait a decade

      • For the majority of Android devices, yeah you’re right. I chose my device prudently, and my OnePlus One gets updates in a reasonable amount of time as it’s independent of Carriers…

      • Joseph Kool

        He must work for Samsung right?

    • John

      Because we don’t need too dickhead. We’re not like android where u need that shit. Occasionally something happens to us. But let’s face it. U android fools have this shit happen almost weekly.

      • Dan

        In all the years I’ve used android, never got malware/virus. In all the years I used iOS, never got anything either. It’s like life, make good decisions and you’ll stay clean. Btw, your comment makes you look like a dickhead.

      • John

        Was I talking to you mate? So keep out of it mug

      • Dan

        He wasn’t talking to you either, it didn’t stop you, Dick.

      • John

        pussy. Go back to your comics. Real men are talking here.

      • Dan

        Funny, I don’t see any around. They must of left to see your mother.

      • John

        Possibly. There’s a few here with me gangbanging your mum and sister.

        Did you know your mum swallows?

      • Dan

        It’s they’re, dick.

        Not sure if my mom swallows, but yours sure should of when you were conceived.

        Anyhow, it’s been fun, I’m out of here.

      • John

        Back to your comics…

        Seriously though. No hard feelings. Been fun 🙂

    • I see your point but to be honest when all the malware collects is the following I hardly see what’s so bad about this. Heck I wouldn’t even call the software malicious since it does absolutely nothing bad except for collect data without your permission (and depending on the terms and conditions of the apps infected with this malware you may have actually have given your permission):

      Current time

      Current infected app’s name

      The app’s bundle identifier

      Current device’s name and type

      Current system’s language and country

      Current device’s UUID

      Network type

      UUID aside I’d gladly post all of the above to anyone that wants it.

      • As long as its anti-apple he’ll be happy. big or small problem.

      • I agree it’s not so dangerous as the past malware that was coming through text messages, but It’s yet another proof that Apple’s common practice of security by obscurity doesn’t work even on it’s closed iOS platform. There’s more proofs waiting to be discovered, and eventually, Apple would implement some form of API to allow anti-malware scanners on iOS like Android/Windows.

        It’s part of their long history to remain in denial until sh*t hits the fan, then they eat their own words like hypocrites and follow the competition…that’s what happened on the Mac OS X restrictive-haven side.

        https://uploads. disquscdn. com/images/d71e3d92b7d60fc4c47ac255cb6bc1196dbb0b8cf73677527f68a0d40d7b8afa.png

      • Rowan09

        But it does work, nothing is impenetrable. Android was not made to be safe and those came out of the mouth of one of the creators. Anyone with a brain knows nothing beats common sense, but to try and imply anything as if Android is safer is just a joke.

      • John

        Yep. I agree with that as well.

    • N&LH

      You’re really hater. It seems to be the developers downloaded Xcode from non-Apple source. So, in this case it is not Apple’s fault.

      Just typical hater waiting for something like this to happen to start bashing.

      • Right, it’s not Apple’s fault that it got into the App Store. Blame the devs for creating malicious apps when it’s on iOS, blame Google/Microsft for malicious apps when it’s on Android/Windows…back to your old Numbskull and Ludicrous Hypocrite mode I see.

      • John

        Wow. Who would of thought that an app that can steal no sensitive data could be called malicious. The ‘hack’ can only get basic details that mean nothing. Your more at risk by people searching up where you live on google.

      • Micrones

        You cannot deal with the truth, he is simply stating it as it is, because it is contrary to your belief does not make him a hater.
        No OS is impenetrable, honestly, i think IOS has been battling malware for awhile, this is a big deal because someone publicized it. Android might get more malware but that does not man IOS is impenetrable as evidenced.

      • N&LH

        Ah ok. If you have been here in IDB for a long time then you will know he is a hater. I said hater because it is NOT Apple’s fault when developers DOWNLOADED Xcode from NON-Apple source. He will say NOTHING when this thing happens to other platforms. By the way, Apple started to remove the apps. At the end of the day IOS is MORE secure than Android and Windows

  • Noohar

    Meh…don’t use WeChat or know people who use it.

  • Anonomous.TECH.man

    I use a 1 Chinese apps called meipai I wonder if I’m………INFECTED?

    • With the number of hacked apps at 4,000+ now (confirmed by FireEye) and Apple not even able to remove them all yet (also confirmed) at this point in time, any iPhone user has to assume they were hacked. I’m sorry.

  • I love how iPhones actually get hacked weekly by something like this, but Android never does. And I love how Android will have a critical vulnerability that never actually gets turned into a hack, but that will make valley news front page, and stay there for a month. Meanwhile, all the larger valley sites are ignoring this story completely. I’m sick to death of the lack of ethics in valley journalism.

    • Rowan09

      Maybe because this is very isolated and if the developers used the official Xcode this would not have happened in the first place. The hack regarding Android actually affected millions of devices and some didn’t need you to download a specific app. The iCloud photo issue was blown out against Apple so they get their fair share at times.

      • iPhone users are actually getting hacked right now. If you have an iPhone, you might be hacked right now. Better, you’d have no way of knowing. But sure, lets make Stagefright, which hacked exactly…. nobody a front page story for a month.

        Now, if you can’t see that bias, you are blind.

      • John

        How do u no that?

      • Oh, I read the story. Yanno, the one up there. That these comments are on. Look up. Read.

      • John

        Muppet, I was talking about stagefright. U have no idea if hackers exploited it so keep quiet

      • Oh, you mean Stagefright. Which hacked absolutely nobody. Because it was just a critical vulnerability and not 4,000 (and growing) hacked apps, and hundreds of millions of hacked iOS users.

      • John

        Again. Are you capable of reading. YOU DO NOT KNOW IF HACKERS HAD BEEN EXPLOTING THAT VULNERBILITY BEFORE IT WAS DISCOVERED BY RESEARCHERS. Serious cybercriminals do not disclose if they have exploited something. It’s called 0-day exploit. You really have no clue. Oh and btw are you seriously trying to say that there are more hacked iPhones than android? Are you a n00b to tech?

      • You don’t understand Android’s 9 layer security model. In order for Stagefright to even work, you’d have to sideload an app, you’d have to allow third party app installs, which would require to uncheck a box and read a very scary warning, then you’d have to disable Google Play Services since it was set up to scan for Stagefright before anybody even knew about it, oh, and the permissions on one particular folder would have to incorrect for…. absolutely no reason. That’s why absolutely nobody got infected. And that’s how you end up with 4,000 hacked iOS apps on the Apple App store, and hundreds of millions of hacked iPhone users, and no hacked Android users. Because Android is more secure than iOS by design.

        Now you’ve learned something. Feel smarter?

      • John

        Well that’s interesting considering there are 7 different exploits within the “stagefright” exploit of which researchers already know of at least one that has been exploited for a while. I would post the links here but it won’t let me so just search for “MMS Not the Only Attack Vector for “Stagefright'”

        Now maybe you have also learned something

      • Again, these “researchers” which are usually antivirus software company employees, don’t mention things like, that in order for Stagefright to even work, you need a 3rd party apk installed, which requires enabling that, reading a big warning, and checking one final ARE YOU SURE. Then, you’d need to disable Google Services Framework to keep it from removing it immediately, then you’d need to have messed up permissions on some random folder. Alternately, you’d need a way to kill off the framework.

        So any normal Google Play using Android phone would NOT be vulnerable to stagefright. A Rooted phone? Maybe. Harder if it it has no third party apk support. Impossible if it’s some weird Android like MIUI, which had per app permissions before iOS did. They do their own thing with Android. It was never vulnerable. Same thing with Samsung phones with Knox. Same thing with ColorOS. Same thing with a bunch of other common typically foreign Android variants. Or the highest security phones in the world running hardware encrypted Android. Or the Blackphone. Most of the vendors that had vulnerable phones have patched by now. The tech press just isn’t tech savvy enough to understand that. Now, compare that to something like Keyraider that ran wild through 225,000 iPhones like it was nothing…

        You getting the point yet? There’s a reason iPhones actually get hacked, and Android phones almost never do.

      • John

        Lol. Ure delusional bud. You seriously think that android doesn’t get hacked? Ure seriously a n00b

      • Look kid, if you all you have is name calling just do us both a favor and get it overwith now. Hell, say something mean about my mom lol. It will be hilarious. Please, continue son.

      • John

        I’m probably older than you ‘kid’. It’s cool. I’m gonna do a look up for freelance journalists and search your name. If I can’t find an address for you I’m sure il find a place you work for and il come and visit you. This will teach you for running up your mouth big man. Fingers crossed you work in London.

      • If you want shot to death by DC Metro cops because you got owned on the Internet by someone better than you, by all means. Try to get past my building security in the depths of your childish temper tantrum little boy.

      • John

        Ok u geeky mug. My people don’t care about u posh little dickheads that think police actually bother any of us. U clearly don’t understand how street matters work. You threaten with police means nothing. Police don’t matter. Just like u. Ure building security doesn’t matter. Lol. Even if u had 20 security u will still get picked off outside your block or at your car. It’s nothing. And trust me you little four eyed mug… U won’t ever be better than me. U will always be that little runt that thinks he’s clever. If u didn’t run your mouth thinking ure brave we wouldn’t be having this conversation. And as it happens I have some Latin Kings that will be taking a closer look at you. Especially the fact that I’ve told them you have money and gadgets.

        Sleep well.

      • The police shoot violent trash like you. They protect important members of society like me. That’s just how reality works.

      • John

        Important? You clearly lived a sheltered, privileged life. Did mommy and daddy tell you your special and better than everyone else? Betting your an only child too.
        What, you write a blog and you think your special and society needs you.
        If war comes along you would be about as useful to society as split condom. And that’s the only time when people are useful to society. Everything else means nothing to the existence of humanity. Especially a bloke who blogs about computers and hating apple.
        I would have to use you as cannon fodder to keep more useful men alive. You seriously have no concept of reality or real life. you’ll be waking up to reality soon though son if not already then soon.

      • blah blah blah blah now you are just wasting my time.

      • John

        Later bitch

      • Rowan09

        Really give me the numbers? Let me guess the lookout app tells you everything so you know you’re safe huh? Give me a break. Nothing beats common sense, but if you are trying to even imply Android is more safe than IOS you can’t even believe that lie. Even the Google creator said Android wasn’t made to be safe.

      • Ok, how about just the numbers for this hack. The number of apps hacked is now up to 344. All of WeChat’s iOS users were hacked. That’s about 200 million people. This is now the worst hacking in the history of mankind.

        You done?

      • Rowan09

        WeChat said 2 days ago 6.2.6 versions or later were not affected you or I do not know the number so don’t make it up. Regardless lesson learned by Apple and developers. Don’t download a pirate bay version of Xcode and think it’s safe.

      • How in the hell is WeCht going to release a fix to magically delete all the data that got hacked from their users? Hmmmmm? Sure, closing the barn gate after all the horses have run away might seem like doing something other than damage control, but it really isn’t.

      • Rowan09

        You said iPhone users are hacked right now. Regardless I would like the site that showed 100 million plus users were hacked? While millions could be at risk, doesn’t mean 100 million plus got hacked. Regardless I’m not understanding what you are trying to prove here because no one would say IOS, Android, OSX, Linux, Windows, etc is impenetrable. The developers mess up and Apple didn’t catch it, so shame on them both.

      • Right now the tech press is messing up by downplaying this for Apple. And considering how hard they’ll go after an Android CVE like Stagefright that wasn’t even weaponized, and didn’t hack a single soul, the lack of ethics in tech journalism is astounding.

      • Rowan09

        I don’t know what any tech blog said about stagefright that’s any different than this one. The news said the same thing they did with any other malware. I would guess it’s being downplayed because no potentially harmful data was said to be stolen.

      • Simple: Stagefright didn’t actually hack anyone. This, the worst hacking in history, hacked hundreds of million of users FOR REAL for MONTHS. That’s the differnence. One was a bullshit media creation by the non-technical paid shills in the valley press, and one ACTUALLY HAPPENED.

      • Rowan09

        How do you know no one was affected by stagefright just because you said so right? Regarding this being the worst hack in history nonsense is making it seem as if you have proof of the credentials taken. Were you responsible or something? Dude you’re wasting your time.

      • Dude, 4,000 hacked apps on all app stores. FOUR THOUSAND. It’s an order of magnitude worse now, and Apple’s whitewashing attempt with “known friendly” shill valley journalists just failed. They are all giving up and telling the truth now. This isn’t just bad. This is a nuclear holocaust. I just feel bad for Apple. Really really bad. This will be the worst thing that has ever happened to them since Steve died.

        The only bright side is that if you play the market, it would be a great time to short their stock.

        I’m sorry man. I know you guys into what I call “Faith based tech” really love them, but they really screwed up, and they really screwed you. This is going to cost them billions. It will take years to recover the respect they are going to lose.

      • Rowan09

        Dude you must be in an Android bubble. I probably own more Android devices than you do and that’s 4 and I use them daily. This thing hasn’t affect Apple stock at all, what made up world are you living in? I asked for the stolen credentials and you’ve yet to give me any because you are just speaking nonsense. Go on android central and brag to those guys. Man you android shills are so nauseating.

      • Man, I don’t even now how to talk to someone like you. FOUR THOUSAND popular apps hacked on the app store YOU USE. And that’s just the ones they’ve found. Dude. DUDE. Come on. Come on. If I was in front of you, I’d be snapping my fingers in front of your face. I’d be slapping you. I’d be planning an intervention. You need to accept actual reality right now. This is worse than I could have ever imagined.

        It’s not even fun or funny anymore. It’s terrifying. I own Apple products. I’ve shut them all off. I’m sorry man. I really didn’t want to be right about this. Never. I was just kinda screwing around. Now it’s just too real for me to deal with.

      • Rowan09

        4000 apps now where did you find all this information that I seem to can’t find on the web? As I said you’re trying to blow this thing up as a hack on personal credentials when it wasn’t and unless you have proof showing otherwise stop wasting your time. If they got hold of some credentials and I was affected some how it’s as simple as changing what I need to. I’m fine, but apparently you’re not so you need the intervention for yourself.

      • : ( I’m an expert in this field. So I follow other experts. One of them is named FireEye. You should probably follow FireEye right now. But I’ll warn you, this isn’t the “faith based tech” you want. They tell the actual truth like I do. So you’ll be shouting at them for telling the truth like I do.

      • Rowan09

        No thanks. What the hell is faith based tech? As I stated I probably own more Android devices than you do. I do not worship any man, thing or compnay.

      • Benedict

        You misunderstood this comment: If the system is not made to be “secure” it can be used for far more things – which of course can be insecure.
        You just read it like “Android was written for viruses”.

      • Rowan09

        Absolutely not. Android is not written for viruses. It’s a fact that an Android device is easier to attack with malware than IOS due to it being more open.

      • Lets go over the five largest phone hacking scandals to date. There have been 5 of them.

        1) iOS Extortion Exploit – Australia
        Hackers hack user’s iPhones through iCloud, lock up phones, demand randsome for unlock.

        2) iOS Extortion Exploit – Callifornia
        Hackers hack user’s iPhones through iCloud, lock up phones, demand randsome for unlock

        3) The Fappening
        Because Apple gives away iPhones in gift bags to celebrities, all celebrities get free iPhones. Celebrites get their iPhones hacked through iCloud, Nude photos of celebrities are posted all over the Internet. Apple finally decides maybe enabling two-factor auth on iCloud might be a good idea.

        I mean, this shit only had to happen three times. Yeah.

        4) Keyraider
        Keyraider exploited jailbroken iphones, and was delivered as a payload on iPhones that would get jailbroken on 0-day exploited macs. OSX has had 3 remote exploits so far this year. 225,000 iPhones dumps and iCloud account credentials found on darknet servers.

        5) XCodeGhost
        Not only the worst mobile hacking, and the worst app store hacking, and the worst malware attack in history, this is the largest single hack in the history of mankind. Hundreds of millions of compromised users. Apple is trying feverishly to cover it up. But the simple fact of the matter is, it’s highly likely hundreds of milions of iCloud accounts were stolen. All because of Apple’s poorly implemented App Store malware detection. There are still 1,000 infected apps just sitting on the App store that Apple hasn’t even removed yet according to FireEye.

        Android has not had a mass hacking incident. Some adware has made it to the play store occasionally, but it usually gets stopped by Bounce, which is a tool written for them by the security Gods at Columbia University. Maybe Apple should talk to Columbia.

      • sizuco

        Actually, unless they turned autoupdate off on their phones, they’re not being hacked right now. WeChat released an uninfected update a week ago.

      • The hacker took his data and left ages ago. Do you understand HOW LONG people were hacked?

      • Rowan09

        Do you? As per any site I’ve visited it was said that no potentially harmful data was leaked, but you or I don’t know. Stop trying to be the news , you’re no different than when they made the stagefright warning. How many people were infected don’t know.

      • What? Dude, what I said up there is what major tech sites are saying now. Welcome to reality. For over 10 months hundreds of millions of iOS users were getting hacked. It’s the worst hack in history.

      • How in the hell could these apple shill journalists even KNOW that? We know for a fact there was code stealing iCloud accounts. What fantasy land do you live in?

      • Rowan09

        How do you know that? Is there any proof on the web showing your claims? Anyone or group claiming rights to doing these attacks or having stolen information now? As I stated before I’m really not sure what you’re trying to accomplish.

      • 200 million WeChat users. ANYBODY that installed WinZip for iOS. And Apple is so afraid, they won’t even release the full list of apps that got hacked. Shouldn’t they BE DOING THAT? HMMMNNMN? Are you such a mindless zealot that YOU DON’T EVEN WANT TO KNOW IF YOU’VE BEEN HACKED? You should be DEMANDING Apple release the list of hacked Apps.

      • Rowan09

        If I’ve been hacked? Dude you must be joking.

      • It will be a miracle if you aren’t. And that’s just statistical probability.

      • sizuco

        I do. In the case of Wechat, exactly 3 days. That’s how long the infected version was up before the patched version was released.

      • Again, you don’t even have a list of the over FOUR THOUSAND infected Apps on Apple’s buggy hacked App store. You pretty much just have to assume your iPhone is hacked. They have your credit cards. They have your iCloud account. They have your address. They have your phone number. They know the names of your kids, pets, what you drive, etc. You were hacked.

        Sorry

      • sizuco

        Hey, I live in China. The government already knows what brand of coffee I drink in the morning and how many times my dog poops on our daily walk 🙂

      • sizuco

        I do. Do you?

        The infected wechat version was up for 3 days (sept 10-13).

      • FireEye just confirmed over 4,000 iOS apps on ALL APP STORES are infected. 1.000 of them are still there. You pretty much have to assume your iPhone is hacked right now.

        That’s actual reality. Now would be a fantastic time to switch to the more secure Android platform.

      • sizuco

        You’re assuming I’m running those apps. 🙂

        As for more secure Android, how many Android apps do you think have exploits?

      • 344 apps so far. 200 million WeChat iOS users hacked. That’s not isolated. That’s the worst hacking in the history of mankind.

    • John

      Lol. Did u actually just say that? Android is the most insecure OS going you mug.

    • Andrieux Querido

      Hahahaha 92% of the virus for Smartphones are made for Android

      • Yet they never actually make it to the user. That’s why 200 million WeChat iOS users were hacked (worse hacking in history) and 300 million Android WeChat users were not. Because Android is more secure than iOS. Granted, I’m basing that on actual reality, which is kinda cheating when dealing with Apple reality.

    • N&LH

      it is not Apple’s fault when developers download Xcode from non-Apple source. At the end of the day, Apple still have a much better control over IOS than Android.

      • The user doesn’t care why Apple’s security is shit. They just know that 344 apps in Apple’s official app store (and growing) were hacked, including 200 million WeChat iOS users. This is now the worst hacking in history.

  • Vianett

    Why won’t you Android hateful Christian Zubreg write an article about how Apple android app “Move to Ios” and how it’s just rebranded version of another android app that apple just completely copied?

    • how it’s just rebranded version of another android app that apple completely copied?

      You mean licensed right? There’s a difference between licensing something and ripping something off. For one thing licensing something means you can’t be sued unless you breach the terms of the license agreement.

      • Vianett

        Doesn’t matter. They still thought of ignoring and not writing about it at all because they know it’s bad publicity for apple.

        It shows how much apple care and about their innovations. They just copied someones else work, put their logo and charge 3x for it

        haha lol Sebastian who liked the response of apple lover. This shows how biased this crapdownloadblog is. Grow up

  • Why doesn’t Apple use a content delivery network to deliver their files? Chinese users wouldn’t have to worry about slow speeds then assuming the CDN had servers in China…

    • Chris

      They do but only in the United States and Europe, in other parts of the world they use Akamai still but it’s still not available to everyone.

  • Bradley Hines

    Can we take a moment to not be of ignorance and acknowledge that any technological system isn’t perfect. Wether it’s android, Apple, Mac, or windows. Regardless of what OS you may have or own, no security in any of OS’s are perfect. No OS has “perfect or better” security than the other and wether or not we like it, they can all be hacked. So some apps are hacked stealing useless info, big whoop. I’ll gladly give that out. And not only that, but unless you download a Chinese app, it won’t even affect you.

  • Lucus Bendzsa

    Off topic, but I wanted to message the team at iDownlaodblog. I just download Admob on my iPhoen and it works wonders. Your webpage used to load in 3 seconds now it does in .5 seconds. I want to use ads and support you, but make them faster to load my page on and I will whitelist you.

    • NotTodayThx

      you get an iDB badge for that, oh and 3 brownie points

      • Lucus Bendzsa

        LOL

    • Vianett

      I emailed idb and Sebastian replied saying that I should click the ads sometimes if I want to help them as it generates revenue to them, so do it you too.

      • Lucus Bendzsa

        Yeah I want to help them, but I am using less data and it loads at least twice as fast. I may turn it off on my own wi fi sometimes and go click!

  • James Liu

    “…and China Unicom Mobile Office, the official app of the biggest mobile carrier in China, China Mobile.”

    China Unicom and China Mobile are two different mobile carriers in China.

  • Joseph Kool

    But I thought Apple software is imune to malware, spyware, trojans and viruses? This is obviously MS and Google teaming up to make apple look bad.

    • No, there’s no platform completely immune to attacks. Being infected on iOS or OS X is very rare, that’s true, but it doesn’t make you completely safe. This appears to be an isolated incident and especially uncommon as the developers are using an unauthorised version of Xcode. It highlights the fact the iOS is still very much vulnerable to attack so long as someone puts their mind to it.

  • Sleetui

    So if a user has WeChat what can they do to protect themselves then?

    • sizuco

      Since iOS autoupdates apps, unless you turned that off, you’re okay as WeChat will have already updated to the latest version (6.2.6) which is not infected and was released a week ago. If you’re on an older version, check and update.

    • You have to assume they got all your data. Change banks. Change credit card numbers. Change phone numbers. Change all passwords. Switch from Apple products to more secure ones.

      That’s what you do.

  • Micrones

    No OS is impenetrable. People should deal with that fact and move on.
    There are a bunch of people using Android and have never been infected with malware while others do, it is just a matter of how security conscious you are and what you download.
    The point is no OS is perfectly safe. as long as IOS can be infected, then that nullifies anyone’s argument on IOS defense. it doesn’t matter.
    Once you open any platform to the development community, consider it unsecure and open to malware no matter how walled it is.

  • This is everyone that has been defending Apple during the worst hack in history the past few days…..

    • N&LH

      HAHAHAHAHAHAHA.oh yeah enjoy 95 per cent of Android users at risk of attack…Enjoy the garbage

      • Yet only iPhone actually ever get hacked for real. In the real world lol.

      • N&LH

        Look everybody knows Android is garbage when it come to security. And Google used to sell PERSONAL data, scan EMAILS, etc….. Don’t be idiot

      • N&LH

        I challenge YOU if you can prove no Android phone hacked before? There are millions of Android phones. So, I want to prove non of these millions hacked?….If you cannot then shut up

  • I hope you feel incredibly stupid now lol. Because by now, you know I was right. Protip: I’m always right. I get paid to be right.

    • N&LH

      ‘I hope you feel incredibly stupid now lol. Because by now, you know I was right. Protip: I’m always right. I get paid to be right.’….ah ok stupid malware user…

      95% of Android users at risk of attack….lol…..You’re an idiot….Enjoy the garbage malware platform

      • Sir_Brizz

        As reported by anti virus companies who make money off of your fear of “risk”.

      • N&LH

        ah ok….Android means viruses and malware

      • Sir_Brizz

        Basically, no.

  • Yunsar

    Second last dot-point says:
    Current device’s UUID – did you mean UDID?

  • Chen Pang

    Can’t say Apple has no fault in this incident. If the download speed from the official source is unbearable, Apple should really work on content delivery quality instead of forcing developers to wait for hours if not days to download their software.