Apple users beware

Apple's iOS App Store suffers first major attack| Reuters

"Apple's iOS App Store suffers first major attack"

 

I had one app that was on the compromised list - Mercury Browser.
Removed it, reset to factory, changed iCloud password from clean pc, restored phone. I would highly advise anyone on iOS to change their iCloud password if you think that you may have randomly been asked to input it recently.

How do I protect myself against XcodeGhost?
iOS users should immediately uninstall any infected iOS app listed here on their devices, or update to a newer version that has removed the malware. Resetting your iCloud password, and any other passwords inputted on your iOS device, is also strongly recommended as a precautionary measure.

How does XcodeGhost put my iOS devices at risk?
iOS apps infected with XcodeGhost malware can and do collect information about devices and then encrypt and upload that data to command and control (C2) servers run by attackers through the HTTP protocol. The system and app information that can be collected includes:

• Current time

• Current infected app’s name

• The app’s bundle identifier

• Current device’s name and type

• Current system’s language and country

• Current device’s UUID

• Network type
  
  Palo Alto Networks also discovered that infected iOS apps can receive commands from the attacker through the C2 server to perform the following actions:

• Prompt a fake alert dialog to phish user credentials;

• Hijack opening specific URLs based on their scheme, which could allow for exploitation of vulnerabilities in the iOS system or other iOS apps;

• Read and write data in the user’s clipboard, which could be used to read the user’s password if that password is copied from a password management tool.

The App Store suffered its worst security breach in history over the weekend, when it was discovered that hundreds of Chinese apps have a malicious program dubbed ‘XcodeGhost’ embedded in their software.

The huge security lapse made its way into legitimate apps thanks to Chinese developers who used a counterfeit version of Apple’s Xcode software that was uploaded to file sharing service Baidu. By using XcodeGhost to compile their apps, developers accidentally allowed the malicious code to be distributed through the App Store.

Apple has pulled infected apps off the store to stop stop the spread, but users still need to delete XcodeGhost apps off their devices manually. Most of the apps infected are mostly used in China, however some big name apps like WeChat, Angry Birds 2, and Didi Chuxing (Uber’s biggest rival in China) were also hit.

Here’s a list of known infected apps:

• WeChat
• Didi Chuxing
• Angry Birds 2
• NetEase
• Micro Channel
• IFlyTek input
• Railway 12306
• The Kitchen
• Card Safe
• CITIC Bank move card space
• China Unicom Mobile Office
• High German map
• Jane book
• Eyes Wide
• Lifesmart
• Mara Mara
• Medicine to force
• Himalayan
• Pocket billing
• Flush
• Quick asked the doctor
• Lazy weekend
• Microblogging camera
• Watercress reading
• CamScanner
• CamCard
• SegmentFault
• Stocks open class
• Hot stock market
• Three new board
• The driver drops
• OPlayer
• Mercury
• WinZip
• Musical.ly
• PDFReader
• Perfect365
• PDFReader Free
• WhiteTile
• IHexin
• WinZip Standard
• MoreLikers2
• CamScanner Lite
• MobileTicket
• iVMS-4500
• OPlayer Lite
• QYER
• golfsense
• Ting
• Golfsensehd
• Wallpapers10000
• CSMBP-AppStore
• MSL108
• TinyDeal.com
• snapgrab copy
• iOBD2
• PocketScanner
• CuteCUT
• AmHexinForPad
• SuperJewelsQuest2
• air2
• InstaFollower
• CamScanner Pro
• baba
• WeLoop
• DataMonitor
• MSL070
• nice dev
• immtdchs
• OPlayer
• FlappyCircle
• BiaoQingBao
• SaveSnap
• Guitar Master
• jin
• WinZip Sector
• Quick Save

 

@M thanks

One outfit claimed to have found over 3,400 compromised apps. if that has been verified.