Okay this isn’t a new story – it broke back in September 2015, but we had a couple of students who had a few apps installed which had the XcodeGhost malware.
What is XcodeGhost?
XcodeGhost is a repackaged version of Apple’s XCode iOS and OSX development tool that has been tampered-with and then republished to various download sites around the world. Some developers download this infected software and then when they compiled their app ready to be posted to Apple’s App Store, XcodeGhost is injected malware into their app without the developers knowledge.
Originally it was thought that only 39 apps were infected, however, recent reports puts the figure at some 4,000 apps! Many apps are Chinese language apps but certainly not all.
Why did developers download an repackage infected version of XCode?
Good question! You can download an official version of XCode directly from Apple for free. I can only make wild guesses as to why a developer would look for alternative download sources rather than the official Apple download – I’m sure you have your own theories.
Apple has been removing XcodeGhost compromised apps from the App Store, but some infected apps may still be available for download. Apple also said that they would inform users who have downloaded apps that could have been infected.
So it is very important that you keep your apps updated – as some apps originally affected have now been patched (eg Angry Birds 2).
Take a look at the list below and if you have any installed on ANY of your Apple devices (iPhone, iPad, iWatch, Mac) then delete the app immediately, then check the App Store for a clean version.
List of known infected apps
Angry Birds 2 (Rovio say only the Chinese version was affected)
China Unicom Mobile Office
CITIC Bank move card space
High German map
Hot stock market
I called MT
I called MT 2
Medicine to force
Quick asked the doctor
Stocks open class
Telephone attribution assistant
The driver drops
Three new board