Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Xcode Malware affecting popular Chinese apps.

Status
Not open for further replies.
Yes, and it seems to affect un-jailbroken devices. The apps were approved by Apple and were/still are available in the App Store.
 
Thanks for the thread! Even with Apple's safeguards things can pass through. As an user we need to be more vigilant about the apps we install.
 
Surely not the great Apple, the impenetrable Apple can't get malware? I don't believe this story, they must be wrong.

No, really, **** Tim(nice but dim) must be crapping himself. I'm off to BlackBerry!!!
 
Will22 said:
Surely not the great Apple, the impenetrable Apple can't get malware? I don't believe this story, they must be wrong.

No, really, **** Tim(nice but dim) must be crapping himself. I'm off to BlackBerry!!!
Click to expand...
Yup happens when developers download x-code from non approved sites and use it to develop their apps. $h*t why use approved Apple site. Just grab code from any old Chinese site. What could possibly go wrong?

Shame on you Apple, for allowing developers to use anything not approved. From now on every developer gets an Apple guard armed with AK-47. And in future all apps will be delayed six months while every line of of code is reviewed prior to release.
 
Last edited:
This is not about android vs iOS or the silly "applesucks-appleisthebest" dichotomy. It's about users' security and privacy. It may be pretty hard to develop malware for iOS, but in China there are some people who are working pretty hard to do it and have strong incentives to do so. I don't have to say what their motivation is, because anyone with at least a superficial understanding of how China works will know it.

The point is that these are apps the vast majority of Chinese iOS users have in their phones. Wechat is one of the world's most popular IM platforms and if you live in China or have contacts in China odds are that you have it in your phone. Reason being that other rival platforms are simply not allowed to operate in China.

The articles point out that many Chinese developers snatched the compromised version of Xcode from a local Baidu depository because download speeds from abroad in China are pretty low. They are low because of surveillance, and it's possible that many bona fide Chinese developers were affected this way. But we are talking about China's largest internet companies here and about apps that are by no means amateurish. Draw your own conclusions from this.

There are reports coming from China now that more than 350 apps may have "backdoors" inserted into them via this XcodeGhost malware. I have tipped MacRumors and another popular rumor site on this, but no one is paying much attention to this. It seems that Pope Francis's visit delaying the delivery of new iPhones by a day is more important.

The supposed author of XcodeGhost is now reaching out saying that this was an experiment meant to harm no one. Believe this at your peril. https://github.com/XcodeGhostSource/XcodeGhost (in Chinese)
 
  • Like
Reactions: Will22 and SHNXX
iDemiurge said:
This is not about android vs iOS or the silly "applesucks-appleisthebest" dichotomy. It's about users' security and privacy. It may be pretty hard to develop malware for iOS, but in China there are some people who are working pretty hard to do it and have strong incentives to do so. I don't have to say what their motivation is, because anyone with at least a superficial understanding of how China works will know it.

The point is that these are apps the vast majority of Chinese iOS users have in their phones. Wechat is one of the world's most popular IM platforms and if you live in China or have contacts in China odds are that you have it in your phone. Reason being that other rival platforms are simply not allowed to operate in China.

The articles point out that many Chinese developers snatched the compromised version of Xcode from a local Baidu depository because download speeds from abroad in China are pretty low. They are low because of surveillance, and it's possible that many bona fide Chinese developers were affected this way. But we are talking about China's largest internet companies here and about apps that are by no means amateurish. Draw your own conclusions from this.

There are reports coming from China now that more than 350 apps may have "backdoors" inserted into them via this XcodeGhost malware. I have tipped MacRumors and another popular rumor site on this, but no one is paying much attention to this. It seems that Pope Francis's visit delaying the delivery of new iPhones by a day is more important.

The supposed author of XcodeGhost is now reaching out saying that this was an experiment meant to harm no one. Believe this at your peril. https://github.com/XcodeGhostSource/XcodeGhost (in Chinese)
Click to expand...
Excellent points, and I do believe it's more than my usual paranoia that there is something/someone bigger behind all this. Note how cyber attacks on US companies by China have slowed up just prior to China leader's state visit to White House. It was strongly hinted in news that US was going to hit China with sanctions for the incessant cyber attacks.

Would love to be fly on the wall during post White House meeting China leader is having with higher ups of Microsoft and other tech giant leaders as yet undisclosed. Guess only LinkedIn has sign Chinese document allowing government access to files. Those that have balked, have been denied access in China.

Between China hacks and spying and malware, NSA reading everything I write and say, and major companies like Google spying on my every move on the net to make a buck, I feel a bit challenged to say the least.
 
Last edited:
We raised them from the bronze age and they are at war with the hand that feeds them. Be careful on Macupdate as they post app from China that are disguised as American companies.
 
Status
Not open for further replies.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back