XcodeGhost malware sneaks into the App Store, spooks millions of iOS users

If you’ve browsed around Apple’s iOS App Store lately, you have probably seen how popular content blockers have become.


The applications were infected after software developers were lured into using a compromised version of Apple’s developer tool kit, according to researchers at Alibaba Mobile Security, a mobile antivirus division of Alibaba Group Holding Ltd.

CamCard, for example, is a popular business card reader and scanner app available in the United States and several other countries, while WeChat is a popular messaging app in the Asia-Pacific region.

These apps are some of China’s most popular in the Apple App Store and were found to be infected with malicious software in what officials are calling a security breach that is the first of its kind, exposing a rare vulnerability in Apple’s mobile platform, according to a number of researchers. Usually, developers purposely place malware into apps to distribute it, but this time it happened without the knowledge of the original developers, making this news even more shocking. US cybersecurity firm Palo Alto Networks has since published details about the malware. China Unicom and China’s railway bureau did not immediately respond to faxed requests for comment Sunday.

Those apps then managed to pass through Apple’s code review process, enabling iOS users to install or update the infected apps on their devices.

How many users are affected? Xcode is free to download from Apple and free for developers to use. The problem started when developers downloaded altered versions of Xcode (named “XcodeGhost” by Alibaba researchers) from third-party sites.

The hackers posted their infected version on a Chinese server, advertising faster downloads, the researchers said.

Developers who downloaded the tainted Xcode and built apps with it ended up with malware injected into those apps.

These malicious installers were then uploaded to Baidu’s cloud file-sharing service for use by Chinese iOS/OS X developers.

Now, all of the files related to Xcode have been removed from Baidu’s servers after the company was alerted.
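The attack chain above starts with a developer building against an Xcode copy that did not come from Apple. The following shell script is an added example (not from the article, Apple, Alibaba or Palo Alto Networks) showing the check a developer or build engineer can run before trusting an installed Xcode: it runs Apple’s Gatekeeper assessment tool `spctl`, which reports whether the bundle’s signature is accepted and which distribution source it came from, and only passes a copy whose source is the Mac App Store or Apple itself. The install path `/Applications/Xcode.app` and the sample outputs in the test are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): verify that a local Xcode.app carries
# Apple's own signature before building with it. Apple's Gatekeeper assessment
# tool `spctl` prints "<path>: accepted" or "<path>: rejected" followed by a
# "source=..." line naming where the signed bundle came from.

# Classify one spctl assessment output. Returns 0 only when the bundle was
# accepted AND its source is Apple's distribution channel (App Store or Apple).
# A "Developer ID" or unsigned source is treated as untrusted for Xcode.
xcode_assessment_ok() {
    output="$1"
    case "$output" in
        *": accepted"*) ;;
        *) return 1 ;;
    esac
    case "$output" in
        *"source=Mac App Store"*|*"source=Apple"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the real assessment on a macOS host. The default path is the usual
# install location (an assumption). On hosts without spctl the check reports
# that it cannot run rather than silently passing.
check_xcode() {
    app="${1:-/Applications/Xcode.app}"
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not available on this host; run this check on macOS"
        return 2
    fi
    out="$(spctl --assess --verbose "$app" 2>&1)"
    if xcode_assessment_ok "$out"; then
        echo "OK: $app is signed and distributed by Apple"
        return 0
    fi
    echo "WARNING: $app failed assessment or has a non-Apple source:"
    echo "$out"
    return 1
}
```

Wire `check_xcode` into the start of a CI build job or a developer onboarding script so a build never proceeds on a copy of Xcode that was re-signed or not signed by Apple; a non-zero exit status from the function is the signal to stop and reinstall from the App Store or developer.apple.com.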

In an online post, security firm Palo Alto Networks said this attack was the first ever directed at Apple’s iOS mobile operating system. The malware affects both stock and jailbroken devices.

How does XcodeGhost put my iOS devices at risk?


Yang Jie contributed to this article.