The Apple security team has been on high alert following news of the XcodeGhost malware impacting about 39 iOS apps on the App Store, which were made with an unofficial Xcode version. Xcode is the tool developers use to create OS X and iOS apps.
Apple confirmed on Sunday that a tool used by app developers for iOS devices was copied and modified by hackers to put malicious code into apps available on the App Store, according to The New York Times.
Most software developers for iOS and OS X will use Apple’s Xcode library, but as noted by Graham Cluley, some developers can download it from elsewhere on the Internet, which comes fraught with risks.
Apple spokesperson, Christine Monaghan, told news outlets the fake developer code “was posted by untrusted sources,” and that Apple has removed the apps from the App Store that it knows have been created with the malicious code.
On iOS devices with the infected apps, security researchers found that the malicious code uploads the device information and app information to its command and control server (C&C).
The malicious code is capable of receiving commands from the attacker through the C&C server to perform a number of actions, including opening particular websites designed to infect the device with more malware, and prompting phishing popup screens that ask potential victims for personal information, such as passwords to their Apple or iCloud accounts.
“Since the [phishing] dialogue is a prompt from the running application, the victim may trust it and input a password without suspecting foul play, “ Palo Alto Networks said in its blog post.
Lucy England of Business Insider listed some of the infected apps, which are as follows:
Didi Chuxing (developed by Uber’s biggest rival in China, Didi Kauidi)
Angry Birds 2
NetEase
Micro Channel
IFlyTek input
Railway 12306 (the only official app used for buying train tickets in China)
The Kitchen
Card Safe
CITIC Bank move card space
China Unicom Mobile Office
High German map
Jane book
Eyes Wide
Lifesmart
Mara Mara
Medicine to force
Himalayan
Flush
Quick asked the doctor
Lazy weekend
Microblogging camera
Watercress reading
CamScanner
CamCard (a very popular business-card reader)
SegmentFault
Stocks open class
Hot stock market
Three new board
The driver drops
OPlayer
Telephone attribution assistant
Martial bed
Poor tour
I called MT
I called MT 2
Freedom Battle
Security researchers clarified that only the most recent versions of the apps created with the counterfeit version of Xcode were at risk; furthermore, Apple has removed the malicious versions of these apps from the App Store.
Editor’s Update: Apple Updates XProtect Definitions for XcodeGhost Malware