iOS app security crisis: XcodeGhost Trojan infects a wide range of Chinese software

Yesterday it emerged that developers who downloaded the Xcode compiler through third-party channels had received an infected copy, and that applications built with it carry the XcodeGhost Trojan. The incident has continued to develop since yesterday's report. The developments so far are summed up in the following three updates.

[Update one]

The number of affected applications keeps growing. The 360 Internet Defense Laboratory is following the matter and continually updating its list. In addition to the applications confirmed yesterday, it has identified more by version number, such as Baidu music (5.2.7.3 - 5.2.7), Poor tour (6.4.1 - 6.4), China Southern Airlines (2.6.5.0730 - 2.6.5), Tianya (2.1), Micro-channel (6.2.5), etc. Please click here to view the updated list (or go to the 360 Internet Defense Laboratory page). The applications confirmed so far and their specific version numbers are as follows:

  1. Eyes Wide 1.8.0
  2. Unicom mobile phone business hall 3.2
  3. Mom Circle 5.3.0
  4. China Southern Airlines 2.6.5.0730 - 2.6.5
  5. Bank of Nanjing 3.6 - 3.0.4
  6. Reversal of the Three 5.80.5 - 5.80
  7. Poor tour 6.4.1
  8. Poor tour 6.4.1 - 6.4
  9. Three famous 4.5.0.1 - 4.5.1
  10. Angel mortgage 5.3.0.2 - 5.3.0
  11. Tianya 5.1.0
  12. 12306 Railroad 2.1
  13. Flush 9.60.01
  14. Flush 9.26.03
  15. Pushpin 7.7.2
  16. Netease open class 4.2.8
  17. NetEase cloud music 2.8.3
  18. NetEase cloud music 2.8.1
  19. Micro-channel 6.2.5
  20. I called MT 4.6.2
  21. My name MT2 1.8.5
  22. The kitchen 4.3.2
  23. The kitchen 4.3.1
  24. Dreaming Journey OL 4.6.0
  25. Clinic Assistant 7.2.3
  26. Freedom Battle 1.0.9
  27. Vol Paper 3.3.1
  28. Jane book 2.9.1
  29. Stock Radar 5.6.1 - 5.6
  30. High moral map 7.3.8.1040 - 7.3.8
  31. High German map 7.3.8.2037
  32. Bedside couple words 2.0.1
  33. Dynamic Card Space 3.4.4.1 - 3.4.4
  34. Telephone attribution Assistant 3.6.3
  35. Didi taxi 3.9.7.1 - 3.9.7
  36. Didi travel 4.0.0
  37. Stocks open class 3.10.02 - 3.10.01
  38. Baidu Music 5.2.7.3 - 5.2.7
  39. YaYa pharmacist 1.1.1
  40. YaYa 6.4.3 - 6.4
  41. WO + Wealth 2.0.6 - 2.0.4
  42. WallpaperFlip 1.8
  43. VGO as the letter 1.6.0
  44. UME cinema tickets 2.9.4
  45. UA movie tickets 2.9.2
  46. Theme 2.4 - 2.4
  47. Theme 2.4.2 - 2.4
  48. Phone + 3.3.6
  49. Perfect365 4.6.16
  50. OPlayer Lite 21051 - 2105
  51. MTP Management Micro Science 1.0.0 - 2.0.1
  52. Mail Attach 2.3.2 - 2.3
  53. Jewels Quest 2 3.39
  54. How Old Do I Look? How Old Am I? -Face Age Camera 3.6.7
  55. H3C easy to search through 2.3 - 2.2
  56. Digit God 2.0.4 - 2.0
  57. Cute CUT 1.7
  58. CarrotFantasy 1.7.0.1 - 1.7.0
  59. CamCard 6.3.2.9095 - 6.3.2
  60. Albums 2.9.2
  61. AA Accounting 1.8.7 - 1.8
  62. 51 Card Safe 5.0.1
  63. 2345 Browser 4.0.1

Besides the unfortunate infected apps listed above, some heavyweight apps at the ten-million level are not affected. For example, the news client "Today's headlines" said in an official statement that it uses Apple's official Xcode development tools and has not been injected with malicious code. As the incident develops further, more and more application developers are expected to respond and confirm whether or not their apps are safe.

[Update two]

As a download channel, Thunder also issued a notice: Thunder's servers have not been infected, and it arranged for engineers to run tests at the first opportunity. The engineers tested the two versions mentioned in the original online report, Xcode 6.4 and 7.0. They checked the file checksum information in the server's index and compared it with the files on the offline server; the results are consistent with the file information of the official Apple download. In other words, Xcode downloaded through Thunder from the official link does not contain malicious code.

[Update three]

After studying the Trojan, Saic inferred XcodeGhost's attack mode: after a user installs the target application, the Trojan sends user data to the server. The server returns simulated pop-ups as needed. A pop-up can say that a payment failed and ask the user to pay to a given destination, or it can present an enterprise software package. Once the user is induced to install the unaudited package, the program can call private system APIs to carry out further attacks.
