This is an interesting piece of malware. It’s introduced via local download copies of Xcode in China and then inserts malicious code into whatever apps are made with that copy of Xcode. Some of these get into the App Store because the code is so deeply hidden or, easier still, find their way into corporate app distribution that doesn’t go through Apple’s approval process.
Since I left the corporate world, I’m not up on the state of outsourcing but I wonder if Indian developers similarly download local copies of Xcode or if there are Chinese development firms that are used now (I would think if there were they’d tend to be less popular for security reasons).
(Via Craig Hockenberry and Frederic Jacobs)