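Browsing www.v2ex.com at noon today, I saw the much-discussed incident in which Xcode installers downloaded from cloud storage (network drives) led to apps being injected with the XcodeGhost trojan.
Analysis article: http://card.weibo.com/article/h5/s#cid=1001603888503866975286&from=1053093010&wm=3333_2001&ip=211.95.63.212
A few excerpts:
1. It collects basic information about the iPhone and the app, including: time, bundle id (package name), app name, OS version, language, country, etc.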
timestamp, app, bundle, name, os, type, status, version, language, country, idfv
Example:
"bundle": "com.netease.cloudmusic",
"os":"8.3",
"status":"resignActive",
"ap":"网易云音乐",
"country":"CN",
"idfv":"XXXXXXXXXXXXX",
"language":"en",
"version":"2.8.3",
"type":"iPhone7.1",
"timestamp":"1442571213",
"name":"device name",
2. Terminal verification command: shasum Xcode_7.dmg