A malicious program dubbed XcodeGhost has hit apps in Apple’s App Store, including well-known applications such as the popular messaging platform WeChat.
Apple confirmed news of the malware Sunday and stated that it was removing malicious iPhone and iPad programs identified in what Reuters refers to as the “first large-scale attack on the popular mobile software outlet.”
Security firm Palo Alto Networks, Inc. first identified the infected apps, and said that as of its last update some 39 apps had been infected, including the aforementioned WeChat, along with Chinese taxi-hailing app Didi Chuxing, popular Chinese train ticket purchasing app Railway 12306, and others including popular stock trading apps, all targeting a Chinese audience.
Separate reports from Qihoo360 Technology Co. put the figure of infected apps at nearly 400, and one from Dutch security firm Fox-IT lists a different set of infected apps that includes apps popular in the West, including WinZip, PDFReader and others.
It would appear that at least one copy of Apple’s Xcode platform, used to build apps, had been modified, meaning that the malware code was automatically injected into new apps built with it; what isn’t clear is whether the modified version of Xcode was downloaded directly from Apple, or was instead shared among developers themselves. Some suggestions indicate it could have been the latter, given the slow download speeds developers in China experience when obtaining Xcode from Apple.
XcodeGhost is malicious code that is located in a Mach-O object file that was repackaged into some versions of Xcode installers.
According to a separate explanation from Paloalto Networks, XcodeGhost collects information on the devices running infected apps and uploads that data to command and control (C2) servers; the collected information is said to include:
Among other features, it is able to use this information to gain access to an infected user’s iCloud account, and it can also be remotely controlled by the attacker to phish or to exploit local system or app vulnerabilities.
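For a developer who wants to confirm that a locally installed Xcode is Apple’s own signed build rather than a repackaged copy, the following shell script is an added example, not code from the article or from Palo Alto Networks: on macOS, `spctl --assess --verbose` prints a verdict line and a `source=` line naming the signer, and the script parses that output and then runs a deep `codesign` verification. The sample spctl outputs at the bottom are constructed for offline checking, and the default path /Applications/Xcode.app is an assumption.

```shell
#!/bin/sh
# Added example (not from the article): check that an installed Xcode.app is
# the Apple-signed build rather than a repackaged copy such as the trojanized
# XcodeGhost installers. On macOS, `spctl --assess --verbose <path>` prints a
# verdict line ("<path>: accepted" or "<path>: rejected") followed by a
# "source=..." line naming who signed the bundle.

# Decide from spctl's output text whether the bundle is accepted AND signed
# by Apple. Takes the output as a string so the logic can be exercised
# offline with constructed samples.
xcode_source_ok() {
  out="$1"
  case "$out" in
    *": accepted"*) ;;            # verdict line present and positive
    *) return 1 ;;                # rejected, or no verdict at all
  esac
  case "$out" in
    *"source=Apple System"*|*"source=Mac App Store"*) return 0 ;;
    *) return 1 ;;                # accepted, but not signed by Apple itself
  esac
}

# Run the real checks against a local Xcode bundle (macOS only).
# Assumes the default install path; pass another path as $1 to override.
check_xcode() {
  path="${1:-/Applications/Xcode.app}"
  # Gatekeeper assessment: is the bundle accepted, and by which source?
  assess=$(spctl --assess --verbose "$path" 2>&1) || true
  if ! xcode_source_ok "$assess"; then
    echo "FAIL: $path is not an Apple-signed Xcode:"; echo "$assess"
    return 1
  fi
  # A deep, strict signature check flags files altered after signing,
  # which a repackaged installer leaves behind.
  if ! codesign --verify --deep --strict "$path" 2>&1; then
    echo "FAIL: code signature of $path does not verify"
    return 1
  fi
  echo "OK: $path is accepted; $(printf '%s\n' "$assess" | grep '^source=')"
}

# Constructed sample spctl outputs (not captured from a real machine) for
# exercising the parser offline.
SAMPLE_GENUINE="/Applications/Xcode.app: accepted
source=Mac App Store"
SAMPLE_TAMPERED="/Applications/Xcode.app: rejected
source=no usable signature"
```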
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in a statement.
If you’re not in China it is unlikely you have been infected, but if in doubt make sure your apps are up-to-date, particularly if you use WeChat.