Sorry if this is a stupid question but are both those domains you are talking about related to Mercury the browser? (ilegendsoft and Mercury-browser) Thanks
Yes. mercury-browser.com is the official developer site linked in the app store, and from there you find several references to ilegendsoft.com.
 
Are you kidding me? I keep 180+ passwords in a password manager, it'd take a month of Sundays to change them all!
With you there - 350+ just recently migrated over to 1Password...

To re-iterate others, I really hope Apple take note and stop password prompt dialogs with no context...
 
Changing iCloud password might be overreacting...

The design of iOS makes it impossible for third-party apps to access the iCloud password when they prompt users to type the password, if the device is not jailbroken. Thus the only way malware could get the password is to make a fake pop-up window asking the user to log in to iCloud (a developer can draw a pop-up window that looks exactly like the iCloud login, but send the password somewhere else). But there is another problem: on a non-jailbroken device, apps other than the App Store itself cannot access the iCloud ID, so the fake iCloud window must ask the user to type the iCloud ID as well, while other legitimate iCloud access requests only ask for the password.

In this sense, unless you have seen some third-party app asking you to provide both iCloud ID and password, it's impossible for the breacher to get hold of your iCloud ID and password at the same time.
 
Yes. mercury-browser.com is the official developer site linked in the app store, and from there you find several references to ilegendsoft.com.

Thanks, deleted Mercury when I first heard about this just in case and it looks like it probably is Mercury browser

Changing iCloud password might be overreacting...

The design of iOS makes it impossible for third-party apps to access the iCloud password when they prompt users to type the password, if the device is not jailbroken. Thus the only way malware could get the password is to make a fake pop-up window asking the user to log in to iCloud (a developer can draw a pop-up window that looks exactly like the iCloud login, but send the password somewhere else). But there is another problem: on a non-jailbroken device, apps other than the App Store itself cannot access the iCloud ID, so the fake iCloud window must ask the user to type the iCloud ID as well, while other legitimate iCloud access requests only ask for the password.

In this sense, unless you have seen some third-party app asking you to provide both iCloud ID and password, it's impossible for the breacher to get hold of your iCloud ID and password at the same time.

This is a very good point, and also quite reassuring because I certainly can't remember being asked while in the only affected app I have had installed (Mercury) to enter my full Apple ID. And I'm sure that would have stuck in my memory. Thanks liuk!
 
Yes but most complaints have to do with the subscription model that the PRO version comes with.

I'll probably get rid of it anyhow now that Safari supports content blocking but I just want to know if I'm affected or not from this malware.

I would say be safe and assume you are, that's what I've done as a user of Mercury. Until I know for sure otherwise I'm playing it safe by getting rid of it, but must say I've never really had any suspect dialogs while using it
 
Has Apple made a statement?
 

There is absolutely zero reason to even bat an eyelash of concern at this. This has been an ongoing story for a few weeks...
 
I wonder how hard it is for developers to submit a project instead of compiled object code. That way, Apple's secure servers can compile the object code and put it in the store.
 
And how hard is it to actually read the original article, which addresses this?

Why would some Chinese developers download Xcode from Baidu?
Xcode is a large file that can take a long time to download from Apple's servers in China, leading some developers to download Xcode from unofficial sources.
What is "a long time"?
 
Yes but most complaints have to do with the subscription model that the PRO version comes with.

I'll probably get rid of it anyhow now that Safari supports content blocking but I just want to know if I'm affected or not from this malware.
There is something fishy going on with this once great browser. If you check their Facebook page, the app was removed from the app store a few months back (supposedly their developer account was hacked). That version (which I had also purchased a long time ago) is still gone. Then the browser reappeared under a different developer account ("Lucy Ding") with a subscription-based payment scheme. I strongly recommend to be cautious.
 
Sorry, why the **** would you use an illegitimate version of Xcode, downloaded from a Chinese website of all places?!! It'll save what, a few hours of download time? Those app developers deserve to lose all their credibility. This kind of stuff is the reason I don't trust anything made by a Chinese company ever.
 
To APPLE: Damn you! You only focus on patching JB-ing...and calling it "bug fix and security improvement." How about you guys retire and let new efficient people come in to take over?
 
The biggest security flaw for Apple users is their own blind trust in the Apple ecosystem they are in. The very fact that most just refuse to believe that they are not untouchable, is and always will be their biggest security threat.
Not sure why you say that, because I am convinced you are not sitting at home doing background checks on every company, developer and review each app prior to purchase. Don't confuse "blind trust" with "reasonable to expect", especially when you're doing the same as everybody else (I assume you're not overly paranoid).
 
Aside from knowing which apps are infected, is there a way to know if our passwords were actually stolen yet? I've not seen an obvious phishing popup and I don't copy and paste passwords.

I'm also a little leery about changing all my passwords today, since it's not clear yet if there are other apps out there that are also infected-- I may have to change my passwords yet again if I end up having another infected app besides Mercury Browser.
 
Read and write data in the user's clipboard, which could be used to read the user's password if that password is copied from a password management tool.

can the app read the clipboard even when it's not active?

so much for password management tools on iOS...

This is why I get mad every time I go into a program that wants me to type in a password and hasn't bothered to implement password manager functionality. EA makes me even more upset by disabling pasting into the password box, which means people will use a less secure password, but would actually help against these hacks.
 
They suddenly had super speed to get a legit xcode? rolleyes

Why ever trust any of these companies ever again if their idea of professionalism means not having patience to do things right

There is a reason why local companies like Tencent and Baidu are allowed to operate in China, while others like Facebook, Twitter and Google are not, and this has to do, among other things, with who gets their hands on users' data.
 
Absolutely furious.

I was using the Mercury browser, and now I see it on that list. Deleted.

Apple needs to BAN any developer that would do something so stupid.
 
Says Angry Birds 2 is infected... That would be pretty major.
 
