
Apple Cleans House, Pulls XcodeGhost Malware-Riddled Apps From App Store

The Apple security team has been on high alert following news of the XcodeGhost malware impacting about 39 iOS apps on the App Store, which were made with an unofficial Xcode version. Xcode is the tool developers use to create OS X and iOS apps.

Apple confirmed on Sunday that a tool used by app developers for iOS devices was copied and modified by hackers to put malicious code into apps available on the App Store, according to The New York Times.

Most software developers for iOS and OS X will use Apple’s official Xcode distribution, but as noted by Graham Cluley, some developers download it from elsewhere on the Internet, which comes fraught with risks.
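A practitioner who has ever installed Xcode from somewhere other than Apple will want a way to check the copy already on a Mac. The script below is an added example, not code from the blog post or from Apple: it wraps the Gatekeeper assessment command (spctl --assess --verbose) that Apple pointed developers to after XcodeGhost, and it accepts only the verdicts a genuine Xcode produces (accepted, with source Mac App Store, Apple System or Apple). The verdict parser is separated from the command so it can be exercised with constructed spctl output on any system; the default path /Applications/Xcode.app and the sample verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): check that the installed Xcode.app
# carries Apple's own signature, using the Gatekeeper assessment tool spctl.
# A genuine Xcode assesses as "accepted" with "source=Mac App Store",
# "source=Apple System" or "source=Apple" (Apple's post-XcodeGhost guidance).

# assess_verdict_ok OUTPUT
#   Takes the full text printed by `spctl --assess --verbose <app>` and returns
#   0 only if the bundle was accepted AND the accepting source is Apple.
#   Any other verdict (rejected, Developer ID, no signature) returns 1.
assess_verdict_ok() {
    out="$1"
    case "$out" in
        *": accepted"*) ;;          # first line must say "<path>: accepted"
        *) return 1 ;;
    esac
    # spctl prints the source on its own line, e.g. "source=Mac App Store"
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case "$src" in
        "Mac App Store"|"Apple System"|"Apple") return 0 ;;
        *) return 1 ;;
    esac
}

# check_xcode [PATH]
#   Runs the assessment on the given bundle (default /Applications/Xcode.app,
#   an assumed path) and reports the result. Returns 2 when spctl is absent,
#   i.e. when not running on OS X / macOS.
check_xcode() {
    app="${1:-/Applications/Xcode.app}"
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not available; this check only runs on a Mac" >&2
        return 2
    fi
    # spctl writes its verdict to stderr on some versions, so capture both
    out=$(spctl --assess --verbose "$app" 2>&1)
    if assess_verdict_ok "$out"; then
        echo "OK: $app is signed by Apple"
        printf '%s\n' "$out"
        return 0
    fi
    echo "WARNING: $app did not assess as an Apple-signed bundle:" >&2
    printf '%s\n' "$out" >&2
    return 1
}

# Run the check when invoked directly: ./check_xcode.sh [/path/to/Xcode.app]
if [ "${0##*/}" = "check_xcode.sh" ]; then
    check_xcode "$1"
fi
```

A copy of Xcode that fails this check should be deleted and re-downloaded from the Mac App Store or developer.apple.com; apps already built with it should be rebuilt with the verified copy before resubmission.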

Apple spokesperson Christine Monaghan told news outlets the fake developer code “was posted by untrusted sources,” and that Apple has removed the apps from the App Store that it knows have been created with the malicious code.

On iOS devices with the infected apps, security researchers found that the malicious code uploads device and app information to its command-and-control (C&C) server.

The malicious code is capable of receiving commands from the attacker through the C&C server to perform a number of actions, including opening particular websites designed to infect the device with more malware, and prompting phishing popup screens that ask potential victims for personal information, such as passwords to their Apple or iCloud accounts.

“Since the [phishing] dialogue is a prompt from the running application, the victim may trust it and input a password without suspecting foul play,” Palo Alto Networks said in its blog post.

Lucy England of Business Insider listed some of the infected apps, which are as follows:

WeChat

Didi Chuxing (developed by Uber’s biggest rival in China, Didi Kuaidi)

Angry Birds 2

NetEase

Micro Channel

IFlyTek input

Railway 12306 (the only official app used for buying train tickets in China)

The Kitchen

Card Safe

CITIC Bank move card space

China Unicom Mobile Office

High German map

Jane book

Eyes Wide

Lifesmart

Mara Mara

Medicine to force

Himalayan

Flush

Quick asked the doctor

Lazy weekend

Microblogging camera

Watercress reading

CamScanner

CamCard (a very popular business-card reader)

SegmentFault

Stocks open class

Hot stock market

Three new board

The driver drops

OPlayer

Telephone attribution assistant

Martial bed

Poor tour

I called MT

I called MT 2

Freedom Battle

Security researchers clarified that only the most recent versions of the apps created with the counterfeit version of Xcode were at risk; furthermore, Apple has removed the malicious versions of these apps from the App Store.

Editor’s Update: Apple Updates XProtect Definitions for XcodeGhost Malware
