
Unity3D has also been backdoored by XCodeGhost author - zmxv
https://translate.google.com/translate?sl=zh-CN&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fdrops.wooyun.org%2Fpapers%2F9024&edit-text=
======
zmxv
Chinese security engineers from Alibaba and Baidu have discovered backdoored
Unity3D (v4.6.4 to 5.1.1) in the wild. The infected SDKs share the same
behaviors as the infamous XCodeGhost trojan. Four types of malicious attacks
have been uncovered and PoC'ed:

* Targeted phishing by prompting an alert box.

* Downloading apps with enterprise certificates.

* Opening a phishing web site in the browser.

* Launching App Store to promote specific apps.

(The last two attacks are exploiting the same vector.)

