Yesterday, the iOS App Store experienced a huge security breach. Earlier this week, Chinese developers created a new piece of malware called XcodeGhost: an infected version of Xcode, Apple’s official tool for building iOS and OS X apps. They distributed it by uploading the files to the Chinese cloud file-sharing service Baidu and then announcing them on the microblogging site Sina Weibo.
Since then, Chinese app developers have unknowingly compiled iOS applications with the tampered Xcode IDE. The resulting apps passed Apple’s code review, were distributed through the App Store to every iOS device whose operating system supports them, and reached users as fresh downloads or as updates to apps they already had installed.
Every iPhone, iPad, and iPod running an OS compatible with the infected apps, jailbroken or not, is affected by this breach.
Below is a full list of the 95 apps affected by this issue as reported by Palo Alto Networks and Fox-It (fox-it.com):
滴滴打车 (Didi Dache) 18.104.22.168 – 3.9.7
我叫MT 2 (I Am MT 2) 1.10.5
More than 500 million iOS users have been affected, because WeChat, one of the infected apps, is extremely popular among users in China and the Asia-Pacific region.
iOS apps infected with XcodeGhost collect information about the device, encrypt it, and upload it over plain HTTP to command-and-control (C2) servers run by the attackers, putting millions of iOS devices at risk. Because the transport is unencrypted HTTP, these beacons are visible to anyone monitoring the network path, which is one place defenders can look for them. The system and app information collected includes:
Current infected app’s name
The app’s bundle identifier
Current device’s name and type
Current system’s language and country
Current device’s UUID
Palo Alto Networks also discovered that infected apps can receive commands from the attacker via the C2 server to perform the following actions:
Display a fake alert dialog to phish user credentials;
Hijack the opening of specific URLs based on their scheme, which could allow exploitation of vulnerabilities in iOS itself or in other iOS apps;
Read and write the user’s clipboard, which could expose a password that the user has copied from a password management tool.
Palo Alto Networks claims that it is cooperating with Apple on the issue, while multiple developers have updated their apps to remove the malware.
Apple has since issued the following statement to Reuters:
We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.
If you want to protect yourself against this malware, or if you have one of the apps listed above installed, either update those apps via the App Store to a version with the malware removed or simply uninstall them. As a precaution, it is also strongly recommended to reset your iCloud password and any other password entered on your iOS device.
Update: Palo Alto Networks has released an updated list of the apps affected by this security breach, which now includes Angry Birds 2:
Angry Birds 2
China Unicom Mobile Office
CITIC Bank move card space
Didi Chuxing (developed by Didi Kuaidi, Uber’s biggest rival in China)
High German map
Hot stock market
I called MT
I called MT 2
Medicine to force
Quick asked the doctor
Railway 12306 (the only official app for buying train tickets in China)
Stocks open class
Telephone attribution assistant
The driver drops
Three new board