XcodeGhost – malware for Apple iOS devices

Okay, this isn’t a new story – it broke back in September – but this week we had to help a student who had a couple of apps installed on her iPhone which had the XcodeGhost malware.

What is XcodeGhost?

XcodeGhost is a repackaged version of Apple’s Xcode iOS and OS X development tool that has been tampered with and then republished to various download sites around the world. Some developers downloaded this infected software, and when they compiled their apps ready to be posted to Apple’s App Store, XcodeGhost injected malware into the apps without the developers’ knowledge.

Originally it was thought that only 39 apps were infected; however, recent reports put the figure at some 4,000 apps! Many are Chinese-language apps, but certainly not all.

Why did developers download a repackaged, infected version of Xcode?

Good question! You can download an official version of Xcode directly from Apple for free. However, if you want to sell your apps in Apple’s App Store you need to sign up to Apple’s Developer Program, which costs $99 per year, and you must be over 18 years old.

I can only make wild guesses as to why a developer would look for alternative download sources rather than the official Apple download – I’m sure you have your own theories.

Apple has been removing XcodeGhost-compromised apps from the App Store, but some infected apps may still be available for download. Apple also said that they would inform users who have downloaded apps that could have been infected.

So it is very important that you keep your apps updated, as some apps originally affected have now been patched (e.g. Angry Birds 2).

Take a look at the list below and if you have any installed on ANY of your Apple devices (iPhone, iPad, iWatch, Mac) then delete the app immediately, then check the App Store for a clean version.

List of known infected apps

air2

AmHexinForPad

Angry Birds 2 (Rovio say only the Chinese version was affected)

baba

BiaoQingBao

CamCard

CamScanner

CamScanner Lite

CamScanner Pro

Card Safe

China Unicom Mobile Office

ChinaUnicom3.x

CITIC Bank move card space

CSMBP-AppStore

CuteCUT

DataMonitor

Didi Chuxing

Eyes Wide

FlappyCircle

Flush

Freedom Battle

golfsense

golfsensehd

guaji_gangtai en

Guitar Master

High German map

Himalayan

Hot stock market

I called MT

I called MT 2

IFlyTek input

IHexin

immtdchs

InstaFollower

installer

iOBD2

iVMS-4500

Jane book

jin

Lazy weekend

Lifesmart

Mara Mara

Marital bed

Medicine to force

Mercury

Micro Channel

Microblogging camera

MobileTicket

MoreLikers2

MSL070

MSL108

Musical.ly

NetEase

nice dev

OPlayer

OPlayer Lite

PDFReader

PDFReader Free

Perfect365

Pocket billing

PocketScanner

Poor tour

Quick asked the doctor

Quick Save

QYER

Railway 12306

SaveSnap

SegmentFault

snapgrab copy

Stocks open class

SuperJewelsQuest2

Telephone attribution assistant

The driver drops

The Kitchen

Three new board

ting

TinyDeal.com

Wallpapers10000

Watercress reading

WeChat

WeLoop

WhiteTile

WinZip

WinZip Sector

WinZip Standard