Skip to main content

XcodeGhost

Five 'XcodeGhost' stories September 2015 - November 2015
See All Stories

A modified version of XcodeGhost remains a threat as compromised apps found in 210 enterprises

Avatar for Ben Lovejoy Nov 4 2015 - 6:50 am PT
8 Comments

xcodeghost-s

Security firm FireEye said in a blog post that XcodeGhost – a fake version of Xcode that injected malware into genuine apps – remains a threat. FireEye has identified a more advanced version of the compromised app development tool, XcodeGhost S, which has been designed to infect iOS 9 apps and allow compromised apps to escape detection by Apple.

XcodeGhost is planted in different versions of Xcode, including Xcode 7 (released for iOS 9 development). In the latest version, which we call XcodeGhost S, features have been added to infect iOS 9 and bypass static detection.

We have worked with Apple to have all XcodeGhost and XcodeGhost samples we have detected removed from the App Store.

The company said that by monitoring its customers’ networks, it identified 210 enterprises with infected apps running inside their networks – a third of them in the USA – generating 28,000 attempts to connect to the XcodeGhost Command and Control (CnC) servers … 
Expand
Expanding
Close

Apple names top 25 apps infected by XcodeGhost as most estimates reach four figures

Avatar for Ben Lovejoy Sep 24 2015 - 4:05 am PT
11 Comments

xcodeghost-apps

Apple has named the top 25 apps infected by the XcodeGhost malware, stating that “the number of impacted users drops significantly” for other compromised apps. Most security researchers now agree that the total number of infected apps is in or around four figures, with many of them still present in China’s App Store … 
Expand
Expanding
Close

Apple to offer local Xcode downloads in China as scale & scope of XcodeGhost issue becomes clearer

Avatar for Ben Lovejoy Sep 23 2015 - 4:20 am PT
5 Comments

xcodeghost

Apple is to make Xcode available for local download from servers based in China as part of its response to the XcodeGhost malware issue. The announcement was made on the Chinese social media site Sina by Phil Schiller, Apple’s senior VP of worldwide marketing (via CNET). It’s believed that many Chinese developers inadvertently downloaded the fake version because the official download was taking too long.

“In the US it only needs 25 minutes to download,” Schiller told Sina, admitting that in China getting Xcode “may take three times as long.” He told the Chinese publication that, to quell this problem, Apple would be providing an official source for developers in the People’s Republic to download Xcode domestically.

Analysis of infected apps by security researchers appears to be revealing a mix of good and bad news … 
Expand
Expanding
Close

Compromised apps remain in Apple China App Store; $1M bounty offered for iOS 9 exploits

Avatar for Ben Lovejoy Sep 22 2015 - 4:49 am PT
6 Comments

xcodeghost

App analytics company SourceDNA – whose clients include Google, Amazon and Dropbox – claims that the compromised versions of many apps remain live in the Chinese App Store. This includes CamCard, which is a very popular app ranked #94.

The apps were infected with malware by a fake version of Xcode dubbed XcodeGhost which legitimate developers were fooled into downloading, believing it to be a copy of the genuine Apple app. A partial list of infected apps has been posted by security company Palo Alto Networks … 
Expand
Expanding
Close

Security firm publishes list of some of the iOS apps infected by XcodeGhost – including Angry Birds 2 [Update: more apps]

Avatar for Ben Lovejoy Sep 21 2015 - 4:06 am PT
57 Comments
Site default logo image

angry-birds-2

Update 1: The list of apps has now been updated with apps identified by Dutch security company Fox-IT. The company is reporting seeing malware traffic from the apps in Europe.

Update 2: Rovio has advised that only the version of Angry Birds 2 in the Chinese App Store was affected.

I wish to clarify that Rovio can confirm that only the Chinese build of Angry Birds 2 — available only on the App Store in Mainland China, Taiwan, Hong Kong and Macau — is vulnerable to the security issue. All other builds of Angry Birds 2 available in other countries are completely safe and secure. An update of Angry Birds 2 for customers in Mainland China, Taiwan, Hong Kong and Macau that fixes the issue is coming very shortly.

After yesterday’s revelation that hundreds of iOS apps on the App Store had been infected by malware, security company Palo Alto Networks has posted a list of some of the affected apps – which include Angry Birds 2.

The apps were infected by a fake copy of Xcode dubbed XcodeGhost, unwittingly downloaded by Chinese developers in place of the real thing. It’s believed they downloaded the fake from local servers because it took too long to download the original from Apple’s own servers. It’s not yet known why Apple’s own checks did not detect the malware when apps were submitted to the App Store.

It’s been suggested that over 300 apps are infected, with 31 of them so far identified (list below) … 
Expand
Expanding
Close