A booby-trapped version of Xcode—Apple’s development toolkit—is spreading on Chinese forums, and adding a malicious backdoor to any app made with it. Watch today’s video to learn more about XcodeGhost, and what developers and users should do to avoid it.
(Episode Runtime: 2:30)
Direct YouTube Link: https://www.youtube.com/watch?v=BC_oyFg7AnA
EPISODE REFERENCES:
- Palo Alto’s posts on XcodeGhost
- Original XcodeGhost post – Palo Alto
- At least 39 App Store apps infected – Palo Alto
- Malicious XcodeGhost apps can phish and steal passwords – Palo Alto
- What you need to know about Xc0deGhost – Forbes
- Apple removes 344 XcodeGhost apps – Geek
- UPDATE: Apple emails devs to share how to validate Xcode – Apple
- UPDATE 2: Now up to 4000 affected apps in the App Store – BBC
— Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply