Nms717

Q: Is the Foscam Security camera app infected?  I think it is.

According to ATT, the Foscam security camera app is infected with the "xcodeghost" malware.  ATT sent me an email regarding malware and it's the only app I installed in the past few months.  I have Foscam C1 camera apps on my iPad only.  When I had to reset my camera yesterday, the app was gone from the Apple Store but could be found on Google Apps and on Foscam's website.  I am taking the cameras back for a refund and deleted the app from my iPad.

 

It's great that Apple is on top of this issue.  WATCH OUT FOR FOSCAM APPS.

iPad 2, iOS 7.1, Screen blacks out

Posted on Oct 14, 2015 12:03 PM


  • by Allan Eckert, Solved answer

    Allan Eckert Oct 14, 2015 12:08 PM in response to Nms717
    Level 9 (53,418 points)
    Desktops

    That smells more like a scam to me.

     

    Please post a copy of the email so we can check it out.

  • by Johnathan Burger

    Johnathan Burger Oct 14, 2015 1:13 PM in response to Nms717
    Level 6 (16,099 points)

    The official app from Foscam Digital technologies is still in the store.

    I just pulled it up from a link on the Foscam site.

     

    There are several "unofficial" apps from Chinese developers also in the store.

    Most likely you were using an unofficial app.

    Use the official one from the actual company that made the equipment.

  • by ShagCA, Helpful

    ShagCA Oct 14, 2015 2:21 PM in response to Nms717
    Level 4 (1,814 points)
    iPad

    It may be real. It's wise to remove the app. I would take it a step further... factory reset the device.

     

    http://arstechnica.com/security/2015/09/apple-scrambles-after-40-malicious-xcodeghost-apps-haunt-app-store/

    Apple officials are cleaning up the company's App Store after a security firm reported that almost 40 iOS apps contained malicious code that made iPhones and iPads part of a botnet that stole potentially sensitive user information.

     

    XcodeGhost is an example of compiler malware. Instead of trying to create a malicious app and get it approved in the App Store, XcodeGhost’s creator(s) targeted Apple’s legitimate iOS/OSX app development tool called Xcode to distribute the malicious code in legitimate apps.

  • by Nms717

    Nms717 Oct 14, 2015 2:38 PM in response to Nms717
    Level 1 (0 points)


    Begin forwarded message:

     

     

    From: "AT&T IISS Network Security" <netsec@att.net>
    Date: October 14, 2015 at 8:57:47 AM EDT
    To:
    Subject: Malware infection advisory for AT&T U-verse Site ID 10....... (issue 0040)

     

    See attached notice from ATT.  I REMOVED MY INFORMATION.

     

    Malware infection advisory from AT&T Internet Services Security Center

    AT&T U-verse Site
    Dear N

    AT&T has received information indicating that one or more devices using your Internet connection may be infected with malicious software. Internet traffic consistent with a malware infection (“xcodeghost”) was observed on Oct 12, 2015 at 7:04 AM EDT from the IP address ................... Our records indicate that this IP address was assigned to you at this time.

    Infected computers are often used as part of a zombie computer network (“botnet”). Botnets are networks of computers which have been infected with malware and placed under the control of a hacker or group of hackers. They are often used for attacks on websites, spamming, fraud, and distribution of additional malware.

    Because malware is designed to run in secret, an infected computer may display no obvious symptoms.

    To address this matter we ask that you take the following actions. If your computer(s) are managed by an Information Technology (IT) group at your place of work, please pass this information on to them.
    1. If you use a wireless network, an infected computer may be using your Internet connection without your knowledge. Ensure that your wireless router is password-protected and using WPA or WPA2 encryption (use WEP only if WPA is not available). Check the connections to the router and ensure that you recognize all connected devices.
    2. Ensure your firewall settings and anti-virus software are up-to-date, and install any necessary service packs or patches. Scan all systems for viruses and other malware.
    Additional tools and information:

     

    Regards,
    AT&T Internet Services Security Center

    Incident details for 162.....................

     

    Type: xcodeghost
    Source port:
    Destination port:


    DISCLAIMER: The information above contains links to software by third-party vendors (hereafter, “the Software”). AT&T is not responsible for support or assistance for any of the Software. If you need support or assistance with any of the Software, please contact the Software's vendor directly. AT&T is unable to provide a warranty or guarantee, either expressed or implied, for any of the Software. You will be responsible for your own system software and system security and not hold AT&T, its partners, agents or affiliates liable for any costs or damages whatsoever (including, without limitation, damages to access system, hardware and/or software) to your computer as a result of installing or using any of the Software. You also understand that use of all hardware and/or software must comply with the AT&T Acceptable Use Policy.
    Important Note: This email contains links to various websites. You may copy and paste the URL(s) into your browser rather than clicking directly on the link.

    ©2005 - 2015 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks contained herein are the property of their respective owners.
    Privacy Policy (Updated September 16, 2013)

     

  • by Csound1

    Csound1 Oct 14, 2015 2:29 PM in response to Nms717
    Level 9 (50,202 points)
    Desktops

    That looks genuine, and FYI, you just gave your IP address to the world.

  • by Nms717

    Nms717 Oct 14, 2015 2:33 PM in response to Csound1
    Level 1 (0 points)

    Not my IP address in the post

  • by Csound1

    Csound1 Oct 14, 2015 2:34 PM in response to Nms717
    Level 9 (50,202 points)
    Desktops

    Whose is it (is it just a non-functional example?)

  • by Nms717

    Nms717 Oct 14, 2015 2:36 PM in response to Csound1
    Level 1 (0 points)

    Made up IP address

  • by Csound1

    Csound1 Oct 14, 2015 2:37 PM in response to Nms717
    Level 9 (50,202 points)
    Desktops

     

  • by ShagCA, Helpful

    ShagCA Oct 14, 2015 4:30 PM in response to Nms717
    Level 4 (1,814 points)
    iPad

    Email content does show symptoms of xcodeghost infection. It is legitimate. I would factory reset the iPad if it were mine.