• Home
  • News
  • Apple makes public the list of XcodeGhost infected apps

Apple makes public the list of XcodeGhost infected apps

In case you haven't already heard, Apple had a serious problem with its App Store as the whole bunch of infected apps managed to bypass all the protections and stumble upon the users' devices. The good news (for the rest world) is that the vast majority of the infected apps are popular just in China, so if you're from a different country, you might not have been a victim. What's alarming is the way these XcodeGhost-infected applications have managed to bypass all of Apple's security measures (which the company was very proud of in the past).

In case you're wondering how such a large scale infection was possible, the answer is surprisingly simple. In order to circumvent the slow download speeds which they get from Apple's website, many Chinese developers have downloaded the Xcode software (tool for making apps for iOS) from a forum. What they didn't know is that the Xcode that they were installing was infected from the get go, and would automatically add hidden functionality into any app they would create. The end result was that a large number of Chinese developers unknowingly uploaded infected apps into the store. For more details about this topic you can check out Sam's description of the events.

The good news is that the XcodeGhost infection isn't very destructive. All the malware does is collecting data about the user, so it will just compromise your privacy and nothing more. The problem is that the malware regularly transmits data about you to its server. Even though the said server has been taken down, the information gathered is still automatically sent through the HTTP protocol which isn't encrypted and can easily be intercepted by other hackers. Additionally, according to FireEye, over 4,000 apps from the store have been infected with this malware / trojan and that is quite a large number.

Because of how wide spread this is, Apple has decided to compile a list with the 25 most popular apps that have been infected, which you can find by clicking on this link. Those of you who have one or more of the apps installed on your iPhones / iPads need to update or uninstall them as soon as possible. The rule is pretty simple: if the app is available in Apple's App Store it means that it has been updated and is now completely safe to use. If the application is not in the store, it means that it hasn't been updated yet and the problem isn't fixed, so you should stay away from it.

Comments