What You Need to Know About iOS Malware XcodeGhost

Yes. mercury-browser.com is the official developer site linked in the app store, and from there you find several references to ilegendsoft.com.

 

With you there - 350+ just recently migrated over to 1Password...

To re-iterate others, I really hope Apple take note and stop password prompt dialogs with no context...

 

Changing iCloud password might be overreacting...

The design of iOS makes it impossible for third-party apps to access iCloud password when they prompt users to type the password, if the device is not jailbroken. Thus the only way a malware could get the password is make a fake pop-up window asking user to login iCould (developer can draw a pop-up window that looks exactly like the iCloud login, but send the password somewhere else). But there is another problem, on a non-jailbroken device, apps other than App Store itself cannot access the iCloud ID, the fake iCloud window must ask user to type the iCloud ID as well, while other legitimate iCloud access requests only ask for the password.

In this sense, unless you have seen some third-party app asking you to provide both iCloud ID and password, it's impossible for the breacher to get hold of your iCloud ID and password at the same time.

 

fortunately it's been a while since I've used them, so deleted without opening Camscanner and Mercury, goodbye!

 

The review are not good. https://itunes.apple.com/app/id1000610117?mt=8

 

Thanks, deleted Mercury when I first heard about this just in case and it looks like it probably is Mercury browser

This is a very good point, and also quite reassuring because I certainly can't remember being asked while in the only affected app I have had installed (Mercury) to enter my full Apple ID. And I'm sure that would have stuck in my memory. Thanks liuk!

 

Yes but most complaints have to do with the subscription model that the PRO versions comes with.

I'll probably get rid of it anyhow now that Safari supports content blocking but I just want to know if I'm affected or not from this malware.

 

I would say be safe and assume you are, that's what I've done as a user of Mercury. Until I know for sure otherwise I'm playing it safe by getting rid of it, but must say I've never really had any suspect dialogs while using it

 

Has apple made a statement?

 

There is absolutely zero reason to even bat an eyelash of concern at this. This has been an ongoing story for a few weeks...

 

Not much use 'after the fact' for affected systems. Only useful to prevent further damage.

 

I wonder how hard it is for developers to submit a project instead of compiled object code. That way, Apple's secure servers can compile the object code and put it in the store.

 

What is "a long time"?

 

There is something fishy going on with this once great browser. If you check their Facebook page, the app was removed from the app store a few months back (supposedly their developer account was hacked). That version (which I had also purchased a long time ago) is still gone. Then the browser reappeared under a different developer account ("Lucy Ding") with a subscription-based payment scheme. I strongly recommend to be cautious.

 

They suddenly had super speed to get a legit xcode? rolleyes

Why ever trust any of these companies ever again if their idea of professionalism means not having patience to do things right

 

Sorry, why the **** would you use an illegitimate version of Xcode, downloaded from a Chinese website of all places?!! It'll save what, a few hours of download time? Those app developers deserve to lose all their credibility. This kind of stuff is the reason I don't trust anything made by a Chinese company ever.

 

To APPLE: Damn you! You only focus on patching JB-ing...and calling it "bug fix and security improvement." How about you guys retire and let new efficient people come in to take over?

 

Not sure why you say that, because I am convinced you are not sitting at home doing background checks on every company, developer and review each app prior to purchase. Don't confuse "blind trust" with "reasonable to expect", especially when you're doing the same as everybody else (I assume you're not overly paranoid).

 

Aside from knowing which apps are infected, is ther a way to know if our passwords were actually stolen yet? I've not seen an obvious phishing popup and I don't copy and paste passwords.

I'm also a little leery about changing all my passwords today, since it's not clear yet that if there are other apps out there that are also infected-- I may have to change my passwords yet again if I end up having another infected app besides Mercury Browser.

 

This is why I get mad every time I go into a program that wants me to type in a password and hasn't bothered to implement password manager functionality. EA makes me even more upset by disabling pasting into the password box, which means people will use a less secure password, but would actually help against these hacks.

 

There is a reason why local companies like Tencent and Baidu are allowed to operate in China, while others like Facebook, Twitter and Google are not, and this has to do, among other things, with who gets their hands on users' data.

 

Absolutely furious.

I was using the Mercury browser, and now I see it on that list. Deleted.

Apple needs to BAN any developer that would do something so stupid.

 

Says Angry Birds 2 is infected... That would be pretty major.

 

^ "2 Angry Birds 2.1.1" may not be "Angry Birds" at all, just a sound-alike.

 

So if you download something from an unofficial source bad things could happen? You don't say.