Infected iOS apps available in Apple's iTunes Store, possibly affecting hundreds of millions of users

Sep 18, 2015 21:32 GMT

According to a report by Palo Alto Networks, an iOS and OS X compiler malware named XcodeGhost has successfully infected a number of iOS apps created by Chinese developers who used a repackaged version of Xcode to compile them.

This is not the first malware to reach Apple's iOS App Store: some iOS apps were previously known to be infected with InstaStock, FindAndCall, LBTM, Jekyll and FakeTor.

At the moment, based on research conducted by some security companies and iOS developers, it seems that around 39 different iOS applications are infected and available for download via Apple's App Store.

As reported, the infected apps include WeChat, Musical.ly, WinZIP (Standard), Mercury and Perfect365, among many others (we have attached the full list of XcodeGhost-infected apps at the end of the article).

XcodeGhost can collect and send information from iOS devices using various methods

According to Palo Alto Networks' analysis, an iOS app infected with XcodeGhost will start collecting data from the victim's device and send it to its command and control servers.

Furthermore, the XcodeGhost malware can also receive commands from the attacker, display fake alerts to phish for credentials, hijack URLs, and read/write data to and from the user's clipboard.

Moreover, as one developer who analyzed the XcodeGhost malware claims, an iCloud password phishing campaign has already started via alert dialogs on infected iOS devices.

Given that XcodeGhost has bypassed Apple's code review process and managed to reach the App Store, while also being capable of recording and delivering information using multiple techniques, iOS users are advised to stay clear of and/or uninstall any of the apps listed below until their developers have the chance to upload a clean version to the App Store via Apple's iTunes Connect.

List of infected iOS apps

[Image gallery: XcodeGhost iOS malware. Captions: Response JSON data decryption; Custom alert dialog]