Other issues in this category (56)
Everybody makes mistakes
Criminals often use the popularity of other applications to penetrate computers. There are numerous tricks: malware is created to look and feel like a favourite game; malicious modules are inserted into software installers; or application components are swapped out. But more unusual forms of attack exist.
In September 2015, a Trojan horse managed to end up in the App Store which previously had been considered the most secure software catalogue for handheld owners.
Ingenious cyber criminals modified an official version of one of the IDESs, so that it integrated the Trojan horse in the applications the programmers were working on, completely unbeknownst to them. As a result, compromised but seemingly harmless games and applications passed Apple's review successfully and appeared in the App Store.
Dubbed by Dr.Web as IPhoneOS.Trojan.XcodeGhost, the Trojan can display fake dialogue boxes to carry out phishing attacks, open URLs specified by criminals, and sometimes even steal passwords from the clipboard.
To be installed under iOS, an application has to be downloaded from Apple Store (except for jailbroken devices), and all the applications are verified before being uploaded by their developers into the store. This impedes malware from spreading significantly. However, the described incident shows that impregnable systems do not exist. That's why you should never trust any security measure completely.