Thousands of iOS apps infected by XcodeGhost

Researchers from FireEye found over 4000 trojanized apps on the App Store

The impact of iOS app developers unknowingly using a rogue version of the Xcode development tool is turning out to be greater than initially thought: early reports listed just 39 apps that had been trojanized with the tool, but security researchers have since identified thousands more.

On Friday, security research firm Palo Alto Networks reported that 39 apps found in the App Store had been compromised after their developers -- most of them located in China -- used a rogue version of Xcode that had been distributed on forums. Xcode is a development tool for iOS and OS X apps provided by Apple.

The malicious Xcode version, which has been dubbed XcodeGhost by security researchers, added hidden functionality to any application compiled with it. Those apps were then uploaded by unknowing developers to the official App Store, bypassing one of the main malware defenses of the iOS ecosystem.

On Tuesday, mobile security firm Appthority reported that it had found 476 apps infected by XcodeGhost among those used by its enterprise customers.

"We had a closer look at the data and were able to track the start of the infection to April 2015 with a significant uptick in infections over this last month of September," the company's research team said in a blog post.

The hidden code added by XcodeGhost to applications collects identifying information about devices they're installed on and can open URLs. The rogue tool's creators could have added more harmful functionality, but they apparently chose not to, at least for now.

"Given our risk analysis results of infected apps regarding their actual behavior, we feel that 'AdWare' might be a more appropriate classification rather than malicious 'malware'," the Appthority researchers said,

Also Tuesday, researchers from security firm FireEye revealed that the real number of iOS apps trojanized by XcodeGhost is not in the tens or hundreds, but in the thousands. The company has identified over 4,000 infected apps so far on the App Store.

While the command-and-control servers used by XcodeGhost have been taken down, the malicious apps still try to connect to them using unencrypted HTTP connections, the FireEye researchers said in a blog post. Such HTTP sessions are vulnerable to hijacking by other attackers, it said.

Since security companies keep identifying more infected apps, it's hard for users to keep track of them manually or even to rely on a single product to detect them. All they can do is hope that Apple is working to remove the apps from the App Store and notify users.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Lucian Constantin

Lucian Constantin

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?