Chinese iOS developer revealed through Weibo, a Chinese microblogging platform, a new malware that infects both the iOS and OS X. The malware is called ‘XcodeGhost’ and unlike any previous malware found in iOS, this one directly affects the Xcode compiler itself. However, the main target of this malware still is the iOS platform.
It all started in China when a malicious version of Xcode compiler was uploaded to Baidu’s server and then Chinese developers downloaded that malicious Xcode compiler and used it to develop their apps for the iOS platform.
The malware exploits the vulnerability in the default search paths for system frameworks and ended up successfully infecting numerous iOS apps that were developed using that compromised compiler. The scenario became worst when those infected apps were submitted to the app store and some even got through Apple’s app store standards despite containing a malware. The infected apps then became available for download to masses.
Once the user installed the malicious app, the ‘XcodeGhost’ malware then collected information from the victim’s device and uploaded it to the servers controlled by the hackers. The malware even enables hackers to send commands to the infected device, which makes it potentially more dangerous. The malware is capable of collecting information including Device’s UDID, current time, network type, and more.
The list of the infected apps includes some popular iOS applications such as WeChat, WinZip, and CamCard. More than 300 applications are suggested to be infected with the malware, some of which are incredibly popular in China and other countries. Here is the list of iOS applications that have been identified as infected by ‘XcodeGhost’ malware:
- Angry Birds 2
- CamCard
- CamScanner
- Card Safe
- China Unicom Mobile Office
- CITIC Bank move card space
- Didi Chuxing developed by Uber’s biggest rival in China Didi Kuaidi
- Eyes Wide
- Flush
- Freedom Battle
- High German map
- Himalayan
- Hot stock market
- I called MT
- I called MT 2
- IFlyTek input
- Jane book
- Lazy weekend
- Lifesmart
- Mara Mara
- Marital bed
- Medicine to force
- Micro Channel
- Microblogging camera
- NetEase
- OPlayer
- Pocket billing
- Poor tour
- Quick asked the doctor
- Railway 12306 the only official app used for buying train tickets in China
- SegmentFault
- Stocks open class
- Telephone attribution assistant
- The driver drops
- The Kitchen
- Three new board
- Watercress reading
Update: Apple has removed the application infected with the ‘XcodeGhost’ malware from its app store. It is the first time in the history of Apple’s app store that it has been targeted by a malware attack of this scale. The infected apps, which includes some popular titles as well, are being used my millions of iOS users around the globe.
We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.
[Via Palo Alto]