评论
打印
The company disclosed the effort after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds of legitimate apps.
几家网络安全公司报道称,一款名为“XcodeGhost”的病毒程序被嵌入苹果应用商店数百款合法应用当中,在此之后,苹果公司公开了其为删除恶意程序所做的努力。
It is the first reported case of large numbers of malicious software programs making their way past Apple's stringent app review process. Prior to this attack, a total of just five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc.
大量恶意软件程序通过了苹果严格的应用审批程序,这是有报道的第一例。据网络安全公司帕洛阿尔托网络公司称,在此次袭击之前,苹果应用商店只发现过五款恶意软件。
The hackers embedded the malicious code in these apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple's software for creating iOS and Mac apps, which is known as Xcode, Apple said.
苹果公司称,黑客通过说服合法应用的开发者使用感染的、假冒版本的苹果软件来开发iOS和Mac应用,以此把恶意代码,也就是Xcode嵌入到这些应用当中。
"We've removed the apps from the App Store that we know have been created with this counterfeit software," Apple spokeswoman Christine Monaghan said in an email. "We are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps."
“我们已经把那些由假冒软件开发出的应用从应用商店中清除了,” 苹果公司的发言人克里斯汀·莫纳汉在电子邮件中称,“我们正在同开发者合作,确保他们使用正版Xcode重新开发应用。”
She did not say what steps iPhone and iPad users could take to determine whether their devices were infected.
但该发言人并未透露iPhone和iPad用户应采取何种步骤来判断自己的设备是否感染了病毒。
Palo Alto Networks Director of Threat Intelligence Ryan Olson said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack.
帕洛阿尔托网络公司的情报总监雷恩·奥尔森表示,这款恶意软件的功能有限,他的公司还没有发现由于这次袭击而造成的用户数据被盗或者是其他损害。
Still, he said it was "a pretty big deal" because it showed that the App Store could be compromised if hackers infected machines of software developers writing legitimate apps. Other attackers may copy that approach, which is hard to defend against, he said.
但是奥尔森称这是“十分严重的一件事”,因为它表明如果黑客使软件开发者编写合法应用的设备感染上病毒,那么苹果应用商店是缺乏抵抗力的。其他黑客可能会复制这一方法,这是很难防御的。
"Developers are now a huge target," he said.
“应用开发者如今成为了黑客攻击的巨大目标,”他说。
Researchers said infected apps included Tencent Holdings Ltd's popular mobile chat app WeChat, car-hailing app Didi Kuaidi and a music app from Internet portal NetEase Inc.
研究人员称,感染病毒的软件包括腾讯控股有限公司十分普及的手机聊天软件微信,打车软件滴滴快的和一款来自互联网门户网站网易的音乐软件。
The tainted version of Xcode was downloaded from a server in China that developers may have used because it allowed for faster downloads than using Apple's US servers, Olson said.
奥尔森说,受感染版本的Xcode是从一个中国服务器上下载的,开发者之所以使用这个服务器是因为它比苹果美国服务器的下载速度更快。
Chinese security firm Qihoo360 Technology Co said on its blog that it had uncovered 344 apps tainted with XcodeGhost.
中国网络安全公司奇虎360科技有限公司在其博客中表示,该公司已发现344款受到XcodeGhost感染的应用。
Apple declined to say how many apps it had uncovered.
不过苹果方面拒绝透露其发现的受感染应用的数量。
