September 23, 2015
As more eyes peer into XcodeGhost, the malware that managed to sneak into Apple’s App Store, more trouble bubbles to the surface.
Researchers at Palo Alto Networks said in an updated report that the malware contains a vulnerability that allows an attacker in a man-in-the-middle position to control iOS applications infected by XcodeGhost.
“XcodeGhost used HTTP to upload information and receive [command and control] commands. The content in these HTTP requests and responses was encrypted by the DES algorithm in ECB mode. It’s also not hard to find the encryption key in its code by reverse engineering,” wrote researcher Claud Xiao. “Consider that HTTP traffic can be hijacked or faked in many ways. … By exploiting this vulnerability, an attacker can construct any URL in any scheme and control infected apps to open it, or prompt an alert dialog for further attacks.”