XcodeGhost malware updated to target iOS 9

By repackaging Xcode and tricking developers into downloading the tampered copy, XcodeGhost infected thousands of iOS apps. A recent update now targets iOS 9 and a larger set of users at US institutions. The discovery was disclosed by FireEye researchers, who call the new variant XcodeGhost S, a name the report ties to its ability to run on the latest iPhone 6s series models.

FireEye pointed out that the new version of XcodeGhost has been upgraded specifically to cope with iOS 9's new behaviour, and at the same time adds new mechanisms to avoid detection.

Specifically, XcodeGhost S has been modified to get around App Transport Security (ATS), which iOS 9 enables by default and which refuses plaintext HTTP connections unless the app opts out in its Info.plist. Left unhandled, ATS would have blocked the traffic between XcodeGhost and its command-and-control (C&C) server.
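ATS is a per-app policy declared in the bundle's Info.plist, so the same file that tells iOS 9 whether cleartext is permitted also tells an implant what it can get away with. The script below is an added example, not FireEye's or the malware's code: it parses an Info.plist, reports the opt-outs that let plain HTTP through, and mirrors the decision the text implies for XcodeGhost S (use plain HTTP only where the host app's ATS policy permits it, otherwise HTTPS). The three plists are constructed for this example, and the bundle identifier and host names are placeholders.

```python
"""Audit an iOS app's Info.plist for App Transport Security (ATS) opt-outs.

Added example, not FireEye's or the malware's code. iOS 9 enables ATS by
default and rejects plain http:// connections unless the app declares an
opt-out under NSAppTransportSecurity: NSAllowsArbitraryLoads (global) or
NSExceptionAllowsInsecureHTTPLoads inside NSExceptionDomains (per host,
optionally with NSIncludesSubdomains). The plists below are constructed;
the bundle identifier and host names are placeholders.
"""
import plistlib

# Constructed: an app that keeps the iOS 9 default.
PLIST_DEFAULT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.shop</string>
</dict></plist>"""

# Constructed: global opt-out, the setting many apps used to silence ATS.
PLIST_GLOBAL_OPTOUT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.shop</string>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSAllowsArbitraryLoads</key><true/>
  </dict>
</dict></plist>"""

# Constructed: cleartext allowed only for one CDN host and its subdomains.
PLIST_DOMAIN_EXCEPTION = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.shop</string>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSExceptionDomains</key><dict>
      <key>cdn.example.net</key><dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
        <key>NSIncludesSubdomains</key><true/>
      </dict>
    </dict>
  </dict>
</dict></plist>"""


def ats_policy(plist_bytes):
    """Parse Info.plist and return the parts of the ATS policy that matter
    for cleartext: {"arbitrary_loads": bool,
                    "insecure_domains": {domain: includes_subdomains}}."""
    info = plistlib.loads(plist_bytes)
    ats = info.get("NSAppTransportSecurity", {})
    insecure = {}
    for domain, cfg in ats.get("NSExceptionDomains", {}).items():
        if cfg.get("NSExceptionAllowsInsecureHTTPLoads", False):
            insecure[domain] = bool(cfg.get("NSIncludesSubdomains", False))
    return {
        "arbitrary_loads": bool(ats.get("NSAllowsArbitraryLoads", False)),
        "insecure_domains": insecure,
    }


def cleartext_allowed(plist_bytes, host):
    """Would ATS on iOS 9 let a plain http:// request to `host` through?"""
    policy = ats_policy(plist_bytes)
    if policy["arbitrary_loads"]:
        return True
    for domain, subdomains in policy["insecure_domains"].items():
        if host == domain or (subdomains and host.endswith("." + domain)):
            return True
    return False


def scheme_passing_ats(plist_bytes, host):
    """The choice the text implies for XcodeGhost S: plain http only where
    the host app's own ATS policy permits it, otherwise https so the C&C
    connection is not refused. Illustrative, not the malware's code."""
    return "http" if cleartext_allowed(plist_bytes, host) else "https"


def audit(plist_bytes):
    """Findings a reviewer would want from a bundle's Info.plist."""
    policy = ats_policy(plist_bytes)
    findings = []
    if policy["arbitrary_loads"]:
        findings.append("NSAllowsArbitraryLoads=true: ATS disabled for every host")
    for domain, subdomains in policy["insecure_domains"].items():
        scope = " and subdomains" if subdomains else ""
        findings.append(f"cleartext HTTP allowed for {domain}{scope}")
    return findings or ["ATS default in force: cleartext HTTP blocked"]


if __name__ == "__main__":
    for name, plist in (("default", PLIST_DEFAULT),
                        ("global opt-out", PLIST_GLOBAL_OPTOUT),
                        ("domain exception", PLIST_DOMAIN_EXCEPTION)):
        print(name, audit(plist), scheme_passing_ats(plist, "c2.example.org"))
```

The practical point for defenders: an NSAllowsArbitraryLoads=true entry is exactly the setting that lets an implant keep talking over plain HTTP, so it deserves a justification in review; a variant that simply switches to HTTPS, as the text describes, is not stopped by ATS at all, which is why ATS should be treated as a hygiene control rather than a malware control.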

In addition, to avoid detection by security tools that rely on static analysis, XcodeGhost S now hides its C&C address in a new way. Instead of storing the server URL as a hard-coded string in the binary, it assembles the URL from individual characters at runtime, so a plain string scan of the binary never sees the address.
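To show why a character-by-character assembled URL defeats a strings-style scan, and one heuristic that still recovers it, here is an added example (not FireEye's or XcodeGhost's code). The two "binary images" are constructed byte strings: one holds the URL as an ordinary C string literal, the other holds the same URL written one character at a time as 32-bit immediates, each preceded by a fixed two-byte stand-in for a store instruction. The host name is a placeholder on the reserved .invalid domain. The recovery heuristic walks the image at every stride from 4 to 9 bytes and every alignment, so it also covers immediates spaced by other short instruction encodings than the one constructed here.

```python
"""Static detection versus a runtime-assembled C&C URL.

Added example, not FireEye's or XcodeGhost's code. The "images" below are
constructed byte strings: IMAGE_PLAIN stores the URL as a C string literal
(visible to `strings`); IMAGE_ASSEMBLED stores it one character per 32-bit
immediate, each preceded by a constructed two-byte stand-in for a store
opcode, so no contiguous copy of the URL exists in the bytes.
"""
import re
import struct

URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-_/]+")

# Placeholder C&C address for the example (reserved .invalid TLD).
C2 = b"https://c2.example.invalid/api"

# (a) Plain literal, padded with zeros and NOP-like filler.
IMAGE_PLAIN = b"\x00" * 16 + C2 + b"\x00" + b"\x90" * 8


def assembled_form(s):
    """Emit s as <2-byte stand-in opcode><imm32 of char> per character."""
    out = bytearray()
    for ch in s:
        out += b"\xc6\x45"             # constructed store opcode/modrm stand-in
        out += struct.pack("<I", ch)   # the character as a little-endian imm32
    return bytes(out)


# (b) Same URL, assembled one character at a time.
IMAGE_ASSEMBLED = b"\x00" * 16 + assembled_form(C2) + b"\x90" * 8


def find_urls_naive(image):
    """What `strings image | grep -E 'https?://'` would report."""
    return [m.decode() for m in URL_RE.findall(image)]


def recover_imm32_strings(image, min_len=8, max_stride=9):
    """Heuristic recovery of char-at-a-time immediates.

    For every stride (imm32 plus 0..5 instruction bytes) and alignment,
    read successive 32-bit little-endian words; runs of at least min_len
    words that decode to printable ASCII are reported as candidate strings.
    """
    found = set()
    for stride in range(4, max_stride + 1):
        for offset in range(stride):
            run = bytearray()
            for p in range(offset, len(image) - 3, stride):
                word = struct.unpack_from("<I", image, p)[0]
                if 0x20 <= word <= 0x7E:
                    run.append(word)
                    continue
                if len(run) >= min_len:
                    found.add(bytes(run))
                run = bytearray()
            if len(run) >= min_len:
                found.add(bytes(run))
    return sorted(found)


def find_urls(image):
    """Union of the naive scan and URLs inside recovered immediates."""
    hits = set(find_urls_naive(image))
    for candidate in recover_imm32_strings(image):
        hits.update(m.decode() for m in URL_RE.findall(candidate))
    return sorted(hits)


if __name__ == "__main__":
    for name, img in (("plain", IMAGE_PLAIN), ("assembled", IMAGE_ASSEMBLED)):
        print(name, "naive:", find_urls_naive(img), "heuristic:", find_urls(img))
```

On a real Mach-O the heuristic would be run over the __text section after parsing the file rather than over the whole image, and it only catches the immediate-store pattern; an assembler that XORs or indexes into a table defeats it again, which is why a network indicator (the C&C host seen on the wire) remains the more durable detection for this family.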

Distribution of organizations affected by XcodeGhost.

FireEye said that at least one new app in the App Store was infected with XcodeGhost S. The app, named "Freedom State", is a shopping app aimed mainly at users in the United States and China; FireEye worked with Apple to have it removed.

Beyond the new XcodeGhost S variant, FireEye also found the original XcodeGhost still active inside American companies. The affected organizations are concentrated in education, high tech, manufacturing, telecommunications, e-commerce, and finance.

"Although most vendors have updated their apps on the App Store, data suggests that there are still many active users using older, infected versions of the apps, and they are distributed across a variety of domains," the FireEye team concluded.
