Yes. mercury-browser.com is the official developer site linked in the app store, and from there you find several references to ilegendsoft.com.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
What You Need to Know About iOS Malware XcodeGhost
- Thread starter MacRumors
- Start date
- Sort by reaction score
With you there - 350+ just recently migrated over to 1Password...
To re-iterate others, I really hope Apple take note and stop password prompt dialogs with no context...
Changing iCloud password might be overreacting...
The design of iOS makes it impossible for third-party apps to access iCloud password when they prompt users to type the password, if the device is not jailbroken. Thus the only way a malware could get the password is make a fake pop-up window asking user to login iCould (developer can draw a pop-up window that looks exactly like the iCloud login, but send the password somewhere else). But there is another problem, on a non-jailbroken device, apps other than App Store itself cannot access the iCloud ID, the fake iCloud window must ask user to type the iCloud ID as well, while other legitimate iCloud access requests only ask for the password.
In this sense, unless you have seen some third-party app asking you to provide both iCloud ID and password, it's impossible for the breacher to get hold of your iCloud ID and password at the same time.
The design of iOS makes it impossible for third-party apps to access iCloud password when they prompt users to type the password, if the device is not jailbroken. Thus the only way a malware could get the password is make a fake pop-up window asking user to login iCould (developer can draw a pop-up window that looks exactly like the iCloud login, but send the password somewhere else). But there is another problem, on a non-jailbroken device, apps other than App Store itself cannot access the iCloud ID, the fake iCloud window must ask user to type the iCloud ID as well, while other legitimate iCloud access requests only ask for the password.
In this sense, unless you have seen some third-party app asking you to provide both iCloud ID and password, it's impossible for the breacher to get hold of your iCloud ID and password at the same time.
fortunately it's been a while since I've used them, so deleted without opening Camscanner and Mercury, goodbye!
Thanks, deleted Mercury when I first heard about this just in case and it looks like it probably is Mercury browser
This is a very good point, and also quite reassuring because I certainly can't remember being asked while in the only affected app I have had installed (Mercury) to enter my full Apple ID. And I'm sure that would have stuck in my memory. Thanks liuk!
Yes but most complaints have to do with the subscription model that the PRO versions comes with.
I'll probably get rid of it anyhow now that Safari supports content blocking but I just want to know if I'm affected or not from this malware.
I would say be safe and assume you are, that's what I've done as a user of Mercury. Until I know for sure otherwise I'm playing it safe by getting rid of it, but must say I've never really had any suspect dialogs while using it
Not much use 'after the fact' for affected systems. Only useful to prevent further damage.
I wonder how hard it is for developers to submit a project instead of compiled object code. That way, Apple's secure servers can compile the object code and put it in the store.
There is something fishy going on with this once great browser. If you check their Facebook page, the app was removed from the app store a few months back (supposedly their developer account was hacked). That version (which I had also purchased a long time ago) is still gone. Then the browser reappeared under a different developer account ("Lucy Ding") with a subscription-based payment scheme. I strongly recommend to be cautious.
They suddenly had super speed to get a legit xcode? rolleyes
Why ever trust any of these companies ever again if their idea of professionalism means not having patience to do things right
Sorry, why the **** would you use an illegitimate version of Xcode, downloaded from a Chinese website of all places?!! It'll save what, a few hours of download time? Those app developers deserve to lose all their credibility. This kind of stuff is the reason I don't trust anything made by a Chinese company ever.
To APPLE: Damn you! You only focus on patching JB-ing...and calling it "bug fix and security improvement." How about you guys retire and let new efficient people come in to take over?
Not sure why you say that, because I am convinced you are not sitting at home doing background checks on every company, developer and review each app prior to purchase. Don't confuse "blind trust" with "reasonable to expect", especially when you're doing the same as everybody else (I assume you're not overly paranoid).
Aside from knowing which apps are infected, is ther a way to know if our passwords were actually stolen yet? I've not seen an obvious phishing popup and I don't copy and paste passwords.
I'm also a little leery about changing all my passwords today, since it's not clear yet that if there are other apps out there that are also infected-- I may have to change my passwords yet again if I end up having another infected app besides Mercury Browser.
I'm also a little leery about changing all my passwords today, since it's not clear yet that if there are other apps out there that are also infected-- I may have to change my passwords yet again if I end up having another infected app besides Mercury Browser.
Last edited:
This is why I get mad every time I go into a program that wants me to type in a password and hasn't bothered to implement password manager functionality. EA makes me even more upset by disabling pasting into the password box, which means people will use a less secure password, but would actually help against these hacks.
Last edited by a moderator:
There is a reason why local companies like Tencent and Baidu are allowed to operate in China, while others like Facebook, Twitter and Google are not, and this has to do, among other things, with who gets their hands on users' data.
Last edited by a moderator:
^ "2 Angry Birds 2.1.1" may not be "Angry Birds" at all, just a sound-alike.
