Apple apps attacked by XcodeGhost malware. Is your iPhone infected?

September 21, 2015
By ghali
Category: Mobile

Just days after I gave a presentation at the Retail Council of Canada’s Loss Prevention Conference about the rise of malicious mobile software, Apple announced this past weekend that it suffered its first major large-scale attack on its iOS App Store. Many iPhone and iPad apps available in the store may have been infected by malware, which could affect users’ devices and personal data.

App developers who use external “untrusted” sources were tricked into unwittingly adding malicious code called XcodeGhost into their programs. According to Palo Alto Networks, a U.S.-based security firm, XcodeGhost collects personal information from infected devices and uploads it to outside servers. The breach could result in fake password prompts aimed at collecting iCloud details or other private information.

Though most of the infected apps were only available to download through Apple’s China store, some (including the popular WeChat) were available in Canada.

Potentially Affected Apps:

The following are some of the 344 identified affected apps:

  • Angry Birds 2 (Chinese version)
  • CamCard
  • CamScanner
  • Card Safe
  • China Unicom Mobile Office
  • CITIC Bank move card space
  • Didi Chuxing (developed by Didi Kuaidi, Uber’s biggest rival in China)
  • Eyes Wide
  • Flush
  • Freedom Battle
  • High German map
  • Himalayan
  • Hot stock market
  • I called MT
  • I called MT 2
  • IFlyTek input
  • Jane book
  • Lazy weekend
  • Lifesmart
  • Mara Mara
  • Marital bed
  • Medicine to force
  • Micro Channel
  • Microblogging camera
  • NetEase
  • OPlayer
  • Pocket billing
  • Poor tour
  • Quick asked the doctor
  • Railway 12306 (the only official app used for buying train tickets in China)
  • SegmentFault
  • Stocks open class
  • Telephone attribution assistant
  • The driver drops
  • The Kitchen
  • Three new board
  • Watercress reading
  • WeChat

Recommended Precautions

If you’re worried that you have an infected app on your phone, change your iCloud password, as well as passwords on any websites used by the potentially affected apps. Then uninstall or update any potentially affected apps: Apple cleaned up its iOS App Store this past weekend to remove the identified malicious iPhone and iPad programs, and many developers have released updates since news of the offending code hit.

Mobile malware has grown substantially in the past year. To learn more about this growing issue, read my presentation on Mobile Crime and the Criminalization of WiFi.

