Chinese iOS App Store Hit With Malware From Fake Xcode
Any user who has installed and launched one of these compromised apps is a victim of this tracking code.
iPhone, iPad and iPod touch models running an iOS version compatible with any of the infected apps.
Other infected apps include Railway 12306 (the only official app in China to offer train tickets), and stock trading platforms like Tonghuashun, China Unicom Mobile Office, etc. Security researcher Claud Xiao wrote on the firm’s website Friday that criminals and spies could use the malware to gain access to iOS devices.
How many users are affected?
Amongst the apps said to be infected is WeChat, a messaging app developed by Tencent that is used by millions of people worldwide.
Which unofficial versions of Xcode are affected?
These are apps made by companies specifically for their own employees’ devices, so they don’t have to go through any sort of Apple security check.
iOS apps infected with XcodeGhost malware can and do collect information about devices, then encrypt that data and upload it over HTTP to command and control (C2) servers run by the attackers.
Can XcodeGhost affect users outside of China?
These apps are some of China’s most popular in the Apple App Store. They were found to be infected with malicious software in what officials are calling a security breach that is the first of its kind, exposing a rare vulnerability in Apple’s mobile platform, according to a number of researchers.
Palo Alto Networks claims that it is cooperating with Apple on the issue, while multiple developers have updated their apps to remove the malware. It isn’t clear how many use devices from Apple, which accounts for about 15% of China’s smartphone market, according to researcher IDC.
As reported, the malware is located in a Mach-O object file that was repackaged into some versions of Xcode installers.
The hack exploited Chinese developers’ impatience, according to Palo Alto Networks.
How do I protect myself against XcodeGhost?
Usually, developers purposely place malware into apps to distribute it, but this time it is happening without the knowledge of the original developers, making this news even more shocking. Resetting your iCloud password, and any other passwords entered on your iOS device, is also strongly recommended as a precautionary measure.
Let’s clarify something real quick before we move on: Apple’s Xcode is perfectly safe, and the company’s download of it is malware-free.