Okay, this isn’t a new story – it broke back in September 2015 – but we had a couple of students who had a few apps installed which had the XcodeGhost malware.
What is XcodeGhost?
XcodeGhost is a repackaged version of Apple’s Xcode iOS and OS X development tool that has been tampered with and then republished to various download sites around the world. Some developers downloaded this infected software, and when they compiled their apps ready to be posted to Apple’s App Store, XcodeGhost injected malware into their apps without the developers’ knowledge.
Originally it was thought that only 39 apps were infected; however, recent reports put the figure at some 4,000 apps! Many are Chinese-language apps, but certainly not all.
Why did developers download a repackaged, infected version of Xcode?
Good question! You can download an official version of Xcode directly from Apple for free. I can only make wild guesses as to why a developer would look for alternative download sources rather than the official Apple download – I’m sure you have your own theories.
Apple has been removing XcodeGhost-compromised apps from the App Store, but some infected apps may still be available for download. Apple also said that they would inform users who have downloaded apps that could have been infected.
So it is very important that you keep your apps updated, as some apps originally affected have now been patched (e.g. Angry Birds 2).
Take a look at the list below and if you have any installed on ANY of your Apple devices (iPhone, iPad, iWatch, Mac) then delete the app immediately, then check the App Store for a clean version.
List of known infected apps
air2
AmHexinForPad
Angry Birds 2 (Rovio say only the Chinese version was affected)
baba
BiaoQingBao
CamCard
CamScanner
CamScanner Lite
CamScanner Pro
Card Safe
China Unicom Mobile Office
ChinaUnicom3.x
CITIC Bank move card space
CSMBP-AppStore
CuteCUT
DataMonitor
Didi Chuxing
Eyes Wide
FlappyCircle
Flush
Freedom Battle
golfsense
golfsensehd
guaji_gangtai en
Guitar Master
High German map
Himalayan
Hot stock market
I called MT
I called MT 2
IFlyTek input
IHexin
immtdchs
InstaFollower
installer
iOBD2
iVMS-4500
Jane book
jin
Lazy weekend
Lifesmart
Mara Mara
Marital bed
Medicine to force
Mercury
Micro Channel
Microblogging camera
MobileTicket
MoreLikers2
MSL070
MSL108
Musical.ly
NetEase
nice dev
OPlayer
OPlayer Lite
PDFReader
PDFReader Free
Perfect365
Pocket billing
PocketScanner
Poor tour
Quick asked the doctor
Quick Save
QYER
Railway 12306
SaveSnap
SegmentFault
snapgrab copy
Stocks open class
SuperJewelsQuest2
Telephone attribution assistant
The driver drops
The Kitchen
Three new board
ting
TinyDeal.com
Wallpapers10000
Watercress reading
WeLoop
WhiteTile
WinZip
WinZip Sector
WinZip Standard