UPDATED 23:52 EDT / SEPTEMBER 20 2015


XcodeGhost malware sneaks into Apple’s App store, infects popular apps such as WeChat and others

A malicious program dubbed XcodeGhost has hit apps in Apple’s App Store, including well-known applications such as the popular messaging platform WeChat.

Apple confirmed news of the malware Sunday and stated that it was removing malicious iPhone and iPad programs identified in what Reuters refers to as the “first large-scale attack on the popular mobile software outlet.”

Security firm Palo Alto Networks, Inc. first identified the infected apps and said that, as of its last update, some 39 apps had been infected, including the aforementioned WeChat, the Chinese taxi-hailing app Didi Chuxing, the popular Chinese train ticket purchasing app Railway 12306, and others including popular stock trading apps, all targeting a Chinese audience.

Separate reports from Qihoo360 Technology Co. put the number of infected apps at nearly 400, and one from Dutch security firm Fox-IT lists a different set of infected apps that includes apps popular in the West, such as WinZip and PDFReader.

It would appear that at least one copy of Apple’s Xcode development platform had been modified, so that the malware code was automatically injected into any new app built with it; what isn’t clear is whether the modified version of Xcode was downloaded directly from Apple or was instead shared among developers themselves. Some suggestions point to the latter, given the slow download speeds Apple offers to developers in China wishing to obtain Xcode.

What it does

XcodeGhost is malicious code contained in a Mach-O object file that was repackaged into some versions of the Xcode installer, so that the compiler links it into every app built with the tampered toolchain.
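The mechanism described above and in the earlier paragraph is a build-toolchain compromise: nothing in the developer’s source changes, only the installed Xcode does. The following Python script is an added example, not code from the article or from Palo Alto Networks, showing the kind of integrity baseline a development team can keep over its toolchain directory so that an extra object file or a modified library is flagged before the next build. The directory layout, file names and file contents are constructed for the demo; on a real machine you would point `build_baseline` at the installed Xcode.app and store the baseline somewhere the build host cannot modify.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not load fully into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every regular file under root (path relative to root) to its SHA-256.
    Symlinks are skipped so a link cannot be used to make a file 'look' unchanged."""
    baseline = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink():
                continue
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Report drift between a stored baseline and a fresh scan of the same tree."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in set(baseline) & set(current) if baseline[p] != current[p]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed toolchain tree (hypothetical names): record a clean baseline,
    then simulate a repackaged copy that drops in an extra object file and
    alters one library, and report what the comparison catches."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Toolchain"
        (root / "usr" / "bin").mkdir(parents=True)
        (root / "usr" / "lib").mkdir(parents=True)
        # Mach-O magic bytes followed by placeholder content; not real binaries.
        (root / "usr" / "bin" / "clang").write_bytes(b"\xcf\xfa\xed\xfe clang stub")
        (root / "usr" / "lib" / "libclang.dylib").write_bytes(b"\xcf\xfa\xed\xfe libclang stub")

        # The baseline would normally be written to read-only storage; here it
        # is round-tripped through JSON to show the stored form.
        stored = json.dumps(build_baseline(root), sort_keys=True)

        # Simulated tampering: an extra object file appears and a library is patched.
        (root / "usr" / "lib" / "extra.o").write_bytes(b"\xcf\xfa\xed\xfe injected object")
        with (root / "usr" / "lib" / "libclang.dylib").open("ab") as f:
            f.write(b" patched")

        return compare(json.loads(stored), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A hash baseline only helps if the first baseline is taken from an installer whose origin you trust; the article’s point is that the tampered Xcode was likely obtained from somewhere other than Apple, so the baseline should be built from an official download, not from whatever copy is already on the build machine.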

According to a separate explanation from Palo Alto Networks, XcodeGhost collects information on the devices running infected apps and uploads that data to command and control (C2) servers; the collected information is said to include:

  • Current time
  • Current infected app’s name
  • The app’s bundle identifier
  • Current device’s name and type
  • Current system’s language and country
  • Current device’s UUID
  • Network type

Among other features, it is able to use this information to gain access to an infected user’s iCloud account, and it can also be remotely controlled by the attacker to phish or to exploit local system or app vulnerabilities.

“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in a statement.

If you’re not in China it is unlikely you have been infected, but if in doubt make sure your apps are up-to-date, particularly if you use WeChat.

Image credit: 132889348@N07/Flickr/CC by 2.0
