Apple Scrambles After 40 Malicious “XcodeGhost” Apps Haunt App Store
Apple officials are cleaning up the company’s App Store after a security firm reported that almost 40 iOS apps contained malicious code that made iPhones and iPads part of a botnet that stole potentially sensitive user information.
The 39 affected apps—which included version 6.2.5 of the popular WeChat for iOS, CamScanner, and Chinese versions of Angry Birds 2—may have been downloaded by hundreds of millions of iPhone and iPad users, security researchers said. The programs were infected by a tampered version of Apple’s legitimate iOS and OS X app development tool called Xcode. The repackaged tool, called XcodeGhost, surreptitiously inserted malicious code alongside normal app functions, causing the app to report to a command-and-control server. The app then sent the server a variety of device information, including the name of the infected app, the app bundle identifier, network information, the device’s “identifierForVendor” details, and the device name, type, and unique identifier.
Details of the infection were first reported late last week by security firm Palo Alto Networks in blog posts here and here. Researchers from mobile security firm Lookout independently analyzed the same apps and on Sunday issued a blog post that read in part: