Apple Malware – XcodeGhost Infects 39 iOS Apps
Apple Malware dubbed ‘XcodeGhost’ has been identified as infecting apps found in Apple’s App Store. The malware attaches itself to otherwise legitimate apps and is then installed on the user’s iPhones or iPads.
iPhone and iPad users can check that new apps are not infected by viewing lists of compromised apps prepared by security vendors Lookout and Palo Alto. However, be aware that such lists may not include every infected app.
If you are running an app that appears on one of these lists, it is recommended that you uninstall it from your device. You should also change your Apple iCloud password, as that may have been compromised. In addition, you should apply two factor authentication to your Apple ID, as this stops an attacker from using stolen credentials.
To date, XcodeGhost has been predominately used to spread advertisements and not to attack users. It does, however, collect some identity information.
Malicious individuals were reportedly able to target a tool used by app creators and infect the app with malware as it was being developed. The app creator would reportedly then unknowingly upload the app to Apple’s servers to be sold as legitimate software. Apps infected by XcodeGhost still function as intended, but with the additional malicious activity.
Lookout has a list of apps that are infected and recommendations about what to do if you have an infected app. In most cases, you should immediately uninstall the app until it has been fixed. Some of the most popular apps include
OPlayer HD Lite
Palo Alto had indicated that there may be thousands of apps that are infected. The list includes many apps in the Australian app store, but also a large number of Chinese-based apps.