Apple is dealing today with something that Microsoft or Google is used to dealing with. Hackers attacked a weak link in Apple’s universe – the developer community. Apparently, the performance of Apple’s web site is poor in China, so developers often download software from alternative web sites. These hackers convinced enough developers to download a malware laced version of Xcode, a tool used by developers of mobile apps.
The thing that is surprising is that some of the developers that got fooled are major apps in China such as WeChat, a popular chatting app, Didi Kuaidi, a Uber-like app and over 300 other apps. Apparently, most of the affected apps were used in China.
Users need to be alert to email phishing scams that tell people they have been infected and need to click on a link to get a safe version of some app.
Apple has declined to say how many infected apps they have found – leading me to think that it is bigger than the 344 number that is currently being bandied about publicly.
While some of the vendors who’s apps were affected said that no data was compromised, I am less than convinced of that. Hackers would not go to all this trouble to do nothing.
There is also currently no way for Apple users to find out if any apps installed on their devices are infected.
What this says is that hackers will always look for the weak link. If you lock the front door but leave the back door open, thieves will figure that out. And if you lock both doors but leave a window open, they will find that too.
Unfortunately for businesses, this requires that they take a holographic view of security to look at things from all sides at once. THAT is what the hackers do.
If you are an Apple user, I would pause installing any apps until the dust settles a bit.
Information for this post came from Reuters.