A modified version of XcodeGhost remains a threat as compromised apps found in 210 enterprises
Security firm FireEye said in a blog post that XcodeGhost – a fake version of Xcode that injected malware into genuine apps – remains a threat. FireEye has identified a more advanced version of the compromised app development tool, XcodeGhost S, which has been designed to infect iOS 9 apps and allow compromised apps to escape detection by Apple.
XcodeGhost is planted in different versions of Xcode, including Xcode 7 (released for iOS 9 development). In the latest version, which we call XcodeGhost S, features have been added to infect iOS 9 and bypass static detection.
We have worked with Apple to have all XcodeGhost and XcodeGhost S samples we have detected removed from the App Store.
The company said that by monitoring its customers’ networks, it identified 210 enterprises with infected apps running inside their networks – a third of them in the USA – generating 28,000 attempts to connect to the XcodeGhost Command and Control (CnC) servers …