Millions of Apple users have possibly been infected with a malware family called XcodeGhost. XcodeGhost is a new type of malware that emerged from a tampered version of Xcode, Apple's development environment. Apps built with it are infected on any iOS device, including iPhone, iPad and iPod. There are over 50 infected apps, among them some of the most widely used: WeChat, NetEase Cloud Music, WinZip, Railway 12306, Didi Chuxing and China Unicom Mobile Office.
This is the first time malware has managed to bypass the security review process of the App Store. Palo Alto discovered this malware on the 18th of September, and multiple developers had already updated their apps to remove the malware. “We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.” said Apple. Palo Alto also found that the infected iOS apps can receive commands from whoever started this attack through a command-and-control (C2) server.
It appears that everything started from a Chinese cloud file sharing service named Baidu, from which iOS developers in China downloaded the tampered Xcode. Those developers did not know they were using a modified Xcode IDE, and they went on to distribute the infected apps through the App Store. The good news is that there is no evidence that any data was stolen from the millions of users who unknowingly downloaded or updated their apps. After this major event, Apple is expected to tighten its security review process even further.