You may have seen news today that the Apple App Store in China has been infected with malware. John Smith, principal solutions architect at Veracode commented on the hackers infiltrated the vaunted Apple ecosystem by injecting malicious software into popular Chinese mobile apps.
[su_note note_color=”#ffffcc” text_color=”#00000″]John Smith, Principal Solutions Architect at Veracode :
“In recent years it has seemed that the problem of Mobile Malware was bigger for Android than for iOS. The more rigorous testing regime required before an iOS app can be published has always been considered to be the reason for this difference, but in this case it seems to have fallen short. One very interesting aspect of this incident is that that the developers of the apps had no knowledge that their own code was being used to carry malware – it was the modified development environment (Xcode) that introduced the payload.
This case highlights the importance of testing what you actually provide to your customers, rather than what you think you are providing. Analysing the compiled code for vulnerabilities and malware using technologies such as Binary Static Analysis and App Reputation Testing could have prevented these dangerous apps from ever being published.”[/su_note][su_box title=”About Veracode” style=”noise” box_color=”#336588″]
Veracode is a leader in securing web, mobile and third-party applications for the world’s largest global enterprises. By enabling organizations to rapidly identify and remediate application-layer threats before cyberattackers can exploit them, Veracode helps enterprises speed their innovations to market – without compromising security.Veracode’s powerful cloud-based platform, deep security expertise and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.Veracode serves hundreds of customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes’ 100 Most Valuable Brands.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.