What You Need to Know About iOS Malware XcodeGhost

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Sep 20, 2015.

  1. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #126
    Yes. mercury-browser.com is the official developer site linked in the app store, and from there you find several references to ilegendsoft.com.
     
  2. Aniseedvan macrumors 65816

    Joined:
    May 14, 2012
    Location:
    UK
    #127
    With you there - 350+ just recently migrated over to 1Password...

    To re-iterate others, I really hope Apple take note and stop password prompt dialogs with no context...
     
  3. liuk macrumors newbie

    Joined:
    Sep 14, 2014
    #128
    Changing iCloud password might be overreacting...

    The design of iOS makes it impossible for third-party apps to access the iCloud password when they prompt users to type the password, if the device is not jailbroken. Thus the only way malware could get the password is to make a fake pop-up window asking the user to log in to iCloud (a developer can draw a pop-up window that looks exactly like the iCloud login, but send the password somewhere else). But there is another problem: on a non-jailbroken device, apps other than the App Store itself cannot access the iCloud ID, so the fake iCloud window must ask the user to type the iCloud ID as well, while other legitimate iCloud access requests only ask for the password.

    In this sense, unless you have seen some third-party app asking you to provide both iCloud ID and password, it's impossible for the breacher to get hold of your iCloud ID and password at the same time.
     
  4. kironin macrumors 6502a

    Joined:
    May 4, 2004
    Location:
    Texas
    #129
    fortunately it's been a while since I've used them, so deleted without opening Camscanner and Mercury, goodbye!
     
  5. Michaelgtrusa macrumors 604

    Joined:
    Oct 13, 2008
    #130
    The reviews are not good. https://itunes.apple.com/app/id1000610117?mt=8
     
  6. int79 macrumors 6502a

    Joined:
    Sep 28, 2013
    #131
    Thanks, deleted Mercury when I first heard about this just in case and it looks like it probably is Mercury browser

    This is a very good point, and also quite reassuring because I certainly can't remember being asked while in the only affected app I have had installed (Mercury) to enter my full Apple ID. And I'm sure that would have stuck in my memory. Thanks liuk!
     
  7. applyr macrumors member

    Joined:
    Sep 20, 2015
    #132
    Yes, but most complaints have to do with the subscription model that the PRO version comes with.

    I'll probably get rid of it anyhow now that Safari supports content blocking but I just want to know if I'm affected or not from this malware.
     
  8. int79 macrumors 6502a

    Joined:
    Sep 28, 2013
    #133
    I would say be safe and assume you are, that's what I've done as a user of Mercury. Until I know for sure otherwise I'm playing it safe by getting rid of it, but must say I've never really had any suspect dialogs while using it
     
  9. pjnewport, Sep 20, 2015
    Last edited: Sep 20, 2015

    pjnewport macrumors newbie

    Joined:
    Sep 19, 2015
    Location:
    OC
    #134
    Has apple made a statement?
     

  10. JimmyHook macrumors 6502a

    Joined:
    Apr 7, 2015
    #135
    There is absolutely zero reason to even bat an eyelash of concern at this. This has been an ongoing story for a few weeks...
     
  11. Floris macrumors 68020

    Joined:
    Sep 7, 2007
    Location:
    Netherlands
    #136
    Not much use 'after the fact' for affected systems. Only useful to prevent further damage.
     
  12. bommai macrumors 6502a

    Joined:
    May 23, 2003
    Location:
    Melbourne, FL
    #137
    I wonder how hard it is for developers to submit a project instead of compiled object code. That way, Apple's secure servers can compile the object code and put it in the store.
     
  13. Larry-K macrumors 68000

    Joined:
    Jun 28, 2011
    #138
    What is "a long time"?
     
  14. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #139
    There is something fishy going on with this once great browser. If you check their Facebook page, the app was removed from the app store a few months back (supposedly their developer account was hacked). That version (which I had also purchased a long time ago) is still gone. Then the browser reappeared under a different developer account ("Lucy Ding") with a subscription-based payment scheme. I strongly recommend to be cautious.
     
  15. Floris macrumors 68020

    Joined:
    Sep 7, 2007
    Location:
    Netherlands
    #140
    They suddenly had super speed to get a legit xcode? rolleyes

    Why ever trust any of these companies ever again if their idea of professionalism means not having patience to do things right
     
  16. sudo1996 Suspended

    Joined:
    Aug 21, 2015
    Location:
    Berkeley, CA, USA
    #141
    Sorry, why the **** would you use an illegitimate version of Xcode, downloaded from a Chinese website of all places?!! It'll save what, a few hours of download time? Those app developers deserve to lose all their credibility. This kind of stuff is the reason I don't trust anything made by a Chinese company ever.
     
  17. pat500000 Suspended

    Joined:
    Jun 3, 2015
    #142
    To APPLE: Damn you! You only focus on patching JB-ing...and calling it "bug fix and security improvement." How about you guys retire and let new efficient people come in to take over?
     
  18. Floris macrumors 68020

    Joined:
    Sep 7, 2007
    Location:
    Netherlands
    #143
    Not sure why you say that, because I am convinced you are not sitting at home doing background checks on every company, developer and review each app prior to purchase. Don't confuse "blind trust" with "reasonable to expect", especially when you're doing the same as everybody else (I assume you're not overly paranoid).
     
  19. ftlum, Sep 20, 2015
    Last edited: Sep 20, 2015

    ftlum macrumors regular

    Joined:
    Oct 24, 2011
    #144
    Aside from knowing which apps are infected, is there a way to know if our passwords were actually stolen yet? I've not seen an obvious phishing popup and I don't copy and paste passwords.

    I'm also a little leery about changing all my passwords today, since it's not clear yet if there are other apps out there that are also infected -- I may have to change my passwords yet again if I end up having another infected app besides Mercury Browser.
     
  20. richard4339, Sep 20, 2015
    Last edited by a moderator: Sep 21, 2015

    richard4339 macrumors 6502a

    Joined:
    Sep 6, 2006
    Location:
    Illinois
    #145
    This is why I get mad every time I go into a program that wants me to type in a password and hasn't bothered to implement password manager functionality. EA makes me even more upset by disabling pasting into the password box, which means people will use a less secure password, but would actually help against these hacks.
     
  21. iDemiurge, Sep 20, 2015
    Last edited by a moderator: Sep 21, 2015

    iDemiurge macrumors 6502

    Joined:
    Feb 7, 2011
    Location:
    Portugal
    #146
    There is a reason why local companies like Tencent and Baidu are allowed to operate in China, while others like Facebook, Twitter and Google are not, and this has to do, among other things, with who gets their hands on users' data.
     
  22. Tapper123 macrumors member

    Joined:
    Sep 16, 2015
    #147
    Absolutely furious.

    I was using the Mercury browser, and now I see it on that list. Deleted.

    Apple needs to BAN any developer that would do something so stupid.
     
  23. MattXDA macrumors 6502

    Joined:
    Aug 18, 2014
    Location:
    UK
    #148
    Says Angry Birds 2 is infected... That would be pretty major.
     

  24. HowEver macrumors 6502a

    Joined:
    May 10, 2005
    Location:
    Toronto
    #149
    ^ "2 Angry Birds 2.1.1" may not be "Angry Birds" at all, just a sound-alike.
     
  25. OldSchoolMacGuy Suspended

    Joined:
    Jul 10, 2008
    #150
    So if you download something from an unofficial source bad things could happen? You don't say.
     
