Xcode Malware affecting popular Chinese apps.

Discussion in 'iPhone' started by iDemiurge, Sep 19, 2015.

Thread Status:
Not open for further replies.
  1. SHNXX macrumors 68000

    Joined:
    Oct 2, 2013
  2. iDemiurge thread starter macrumors 6502

    iDemiurge

    Joined:
    Feb 7, 2011
    Location:
    Portugal
    #3
    Yes, and it seems to affect un-jailbroken devices. The apps were approved by Apple and were/still are available in the App Store.
     
  3. tophril macrumors newbie

    Joined:
    Jul 4, 2015
    #5
    The only one I have was Mercury, which I hardly used
     
  4. doboy macrumors 68000

    Joined:
    Jul 6, 2007
    #6
    Thanks for the thread! Even with Apple's safeguards things can pass through. As an user we need to be more vigilant about the apps we install.
     
  5. Will22 macrumors 65816

    Will22

    Joined:
    Dec 4, 2011
    #7
    Surely not the great Apple, the impenetrable Apple can't get malware? I don't believe this story, they must be wrong.

    No, really, **** Tim(nice but dim) must be crapping himself. I'm off to BlackBerry!!!
     
  6. HEK, Sep 19, 2015
    Last edited: Sep 19, 2015

    HEK macrumors 68030

    HEK

    Joined:
    Sep 24, 2013
    #8
    Yup happens when developers download x-code from non approved sites and use it to develop their apps. $h*t why use approved Apple site. Just grab code from any old Chinese site. What could possibly go wrong?

    Shame on you Apple, for allowing developers to use anything not approved. From now on every developer gets an Apple guard armed with AK-47. And in future all apps will be delayed six months while every line of of code is reviewed prior to release.
     
  7. iDemiurge thread starter macrumors 6502

    iDemiurge

    Joined:
    Feb 7, 2011
    Location:
    Portugal
    #9
    This is not about android vs iOS or the silly "applesucks-appleisthebest" dichotomy. It's about users' security and privacy. It may be pretty hard to develop malware for iOS, but in China there are some people who are working pretty hard to do it and have strong incentives to do so. I don't have to say what their motivation is, because anyone with at least a superficial understanding of how China works will know it.

    The point is that these are apps the vast majority of Chinese iOS users have in their phones. Wechat is one of the world's most popular IM platforms and if you live in China or have contacts in China odds are that you have it in your phone. Reason being that other rival platforms are simply not allowed to operate in China.

    The articles point out that many Chinese developers snatched the compromised version of Xcode from a local Baidu depository because download speeds from abroad in China are pretty low. They are low because of surveillance, and it's possible that many bona fide Chinese developers were affected this way. But we are talking about China's largest internet companies here and about apps that are by no means amateurish. Draw your own conclusions from this.

    There are reports coming from China now that more than 350 apps may have "backdoors" inserted into them via this XcodeGhost malware. I have tipped MacRumors and another popular rumor site on this, but no one is paying much attention to this. It seems that Pope Francis's visit delaying the delivery of new iPhones by a day is more important.

    The supposed author of XcodeGhost is now reaching out saying that this was an experiment meant to harm no one. Believe this at your peril. https://github.com/XcodeGhostSource/XcodeGhost (in Chinese)
     
  8. HEK, Sep 20, 2015
    Last edited: Sep 20, 2015

    HEK macrumors 68030

    HEK

    Joined:
    Sep 24, 2013
    #10
    Excellent points, and I do believe it's more than my usual paranoia that there is something/someone bigger behind all this. Note how cyber attacks on US companies by China have slowed up just prior to China leader's state visit to White House. It was strongly hinted in news that US was going to hit China with sanctions for the incessant cyber attacks.

    Would love to be fly on the wall during post White House meeting China leader is having with higher ups of Microsoft and other tech giant leaders as yet undisclosed. Guess only LinkedIn has sign Chinese document allowing government access to files. Those that have balked, have been denied access in China.

    Between China hacks and spying and malware, NSA reading everything I write and say, and major companies like Google spying on my every move on the net to make a buck, I feel a bit challenged to say the least.
     
  9. iDemiurge thread starter macrumors 6502

    iDemiurge

    Joined:
    Feb 7, 2011
    Location:
    Portugal
    #11
    The issue finally made it to the front page. Glad it did.
     
  10. Michaelgtrusa macrumors 604

    Michaelgtrusa

    Joined:
    Oct 13, 2008
    Location:
    Everywhere And Nowhere
    #12
    We raised them from the bronze age and they are at war with the hand that feeds them. Be careful on Macupdate as they post app from China that are disguised as American companies.
     
  11. balamw Moderator

    balamw

    Staff Member

    Joined:
    Aug 16, 2005
    Location:
    New England
    #13
Thread Status:
Not open for further replies.

Share This Page