Security researchers have discovered “backdoored” versions of an ad library embedded in thousands of iOS apps originally published in the Apple App Store.
The affected versions of this library embedded backdoors in iOS apps that used the library to display ads, opening the door for hackers to access sensitive user data and device functionality. Mobile security researchers at FireEye have identified 2,846 iOS apps containing backdoored versions of mobiSage SDK.
FireEye's blog post – which lays out the technical details of its discovery – can be found here.
Ghost in the shell
The latest threat is separate from a fresh outbreak of the XcodeGhost malware, another iOS threat, that was also subject to a warning from FireEye this week. The threat – which began in China – has recently surfaced in the US, the security firm warns.
Tod Beardsley, security research manager at Rapid7, the firm behind the Metasploit pen testing tool, said that the latest wave of XcodeGhost (like the one before) relies on developers following insecure practices.
“While it's troubling to see Trojaned applications continue to pop up on Apple's App Store, it's important to remember that XcodeGhost (and its variants) still rely on software developers to break at least two rules when it comes to installing developer tools.
“First, developers must seek out an unofficial source for Xcode, the development platform for iOS, and second, they must affirmatively bypass Gatekeeper, the anti-malware system that is designed to prevent installation of unsigned application binaries,” he added.