Dive Brief:
- FireEye says 210 U.S. enterprises are still using Apple mobile apps that contain a malicious program called XcodeGhost.
- Last month, more than 4,000 applications were found to have been compromised.
- Hackers embedded the malicious code by convincing developers to use a tainted version of Xcode, an application development tool, Apple said.
Dive Insight:
XcodeGhost adds hidden code to apps, which can then collect identifying information about a device.
Some app developers said they resorted to downloading unofficial, third-party copies of Xcode because of slow download speeds from Apple's official servers. However, some of those third-party copies were tainted with XcodeGhost, which was consequently embedded in hundreds of legitimate apps.
Apple removed the infected apps from its App Store, but FireEye's latest finding shows many users may not have updated the infected apps with clean versions.
"Until these employees update their devices and apps, they are still vulnerable to potential hijacking of the XcodeGhost CnC traffic -- particularly when outside their corporate networks," FireEye said.
FireEye suggested users ensure all of their apps are up to date.
Prior to the incident, only five malicious apps had ever been found in the App Store, according to Palo Alto Networks Director of Threat Intelligence Ryan Olson. The September break-in was noteworthy because it demonstrated that the App Store could be compromised if hackers infect the machines of app developers.