XcodeGhost iOS malware: The list of affected apps and what you should do

Researchers recently found a piece of iOS malware called XcodeGhost in a number of apps in the Apple App Store. The creator(s) of XcodeGhost were able to sneak the malicious code into these apps without the app developers’ knowledge. These unsuspecting apps include popular consumer apps like WeChat and CamCard, showing that XcodeGhost could potentially impact hundreds of millions of victims.

What is XcodeGhost?

XcodeGhost is a piece of malware that can steal data and potentially trick people into providing personally identifiable information. The creator(s) behind XcodeGhost were able to repackage a tool used by legitimate iOS and OS X developers to create apps. When those developers created their apps using this tampered-with tool, they unknowingly inserted malware into their apps, though the developers did need to knowingly disable some security checks in order to use this tool. The malware made its way into a growing list of apps that were published live to the Apple App Store. Our understanding is that Apple is working to remove these apps from the App Store.

How might it affect me?

The malware pulls information off the device, such as the device’s name, country, and unique identifiers. According to Palo Alto Networks, it may also have the ability to push dialogue boxes to your iPhone or iPad’s screen. Theoretically, a bad guy could use one of these dialogues to steal your username and password or other personal information. The malware may also be able to open websites in your mobile browser, which could be used for a variety of malicious purposes, again including phishing and installing other potentially malicious software.

Does Lookout protect me?

For our customers still running iOS 8 or under, we will detect apps running this malicious code and alert you to their presence.

Unfortunately, due to limitations Apple has placed on apps on the iOS platform, Lookout Mobile Security for consumers is not able to detect whether you have an infected app installed in iOS 9. Apple has made recent changes to iOS that make it more difficult for one app to understand which other apps are present on the device. We are always looking for new ways to protect iOS devices from malware and hope to be able to improve our detection capabilities in the future. In the meantime, we recommend users:

• For anyone that has one of the apps listed below: update them if an update is available, or delete them immediately and wait until the developer releases a new version with the malicious code removed.
• If one of these apps is running on your device, we also recommend that you change your Apple ID password and be wary of any suspicious emails or push notifications to your device asking for personal information.
• In general, be wary of apps pushing dialogue boxes to your screen asking for personal information without first being aware of who is asking for it.
• If you have used your Apple ID password on any other accounts, you should change the password for those accounts, too.

What are the apps?

We are actively adding apps to the list below that Lookout has independently confirmed to be affected by XcodeGhost. This list is not exhaustive and we will be maintaining it below, including information on whether it has been patched and what you should do.

To check if a developer has pushed an update to the app, go to the Apple App Store on your device, navigate to that app, and look for an “Update” button. If you are running the latest version of an app, this button will say “Open” instead of “Update.”

Read more: XcodeGhost iOS malware: The list of affected apps and what you should do (https://blog.lookout.com/blog/2015/09/21/xcodeghost-apps/)
By David Richardson

Posted by dennis