Malware discovered on 39 apps in the Apple App Store

A malicious version of Xcode obtained through Baidu, set the wheels in motion for the spread of the malware

A malicious version of Xcode obtained through Baidu, set the wheels in motion for the spread of the malware

A malware that infects iOS apps through a malicious version of Apple's Xcode, has resulted in the discovery of at least 39 infected apps in the Apple App Store. Among the apps affected is the extremely popular Chinese messaging app WeChat, and ride-sharing app Didi Chuxing. The latter is the most popular Uber-esque service in China.

While past viruses on iOS were placed inside an app by the developer, created and published in the App Store to purposely create havoc, this malware enters an app without the knowledge of its developer. Since a rogue version of Xcode was used in this endeavor, the malware itself is being called XcodeGhost.

The malicious version of Xcode was apparently taken off Baidu by Chinese iOS/OS X developers instead of using the most up-to-date version of the IDE available from Apple. The infected version of Xcode has since been removed from Baidu. According to a report by Palo Alto Networks, XcodeGhost can be used by the hacker to remotely phish, or to take advantage of vulnerabilities on apps and the local system.

Some other apps infected include Railway 12306, the only official app in China to offer train tickets. Stock trading platform Tonghuashun, and China Unicom Mobile office are also infected. You can check out all of the malware infected titles by clicking on the sourcelink.

source: PaloAltoNetworks via RedmondPie

FEATURED VIDEO

49 Comments

1. Ninetysix

Posts: 2933; Member since: Oct 08, 2012

Nope, it's iPhone release quarter, Apple's PR mouthpieces have received the memo. There will be no iBashing for the next 4 months. --Finalflash

10. darkkjedii

Posts: 30833; Member since: Feb 05, 2011

Lol nice one

24. AlikMalix unregistered

I specifically remember that post!!!

27. Finalflash

Posts: 4062; Member since: Jul 23, 2013

Hell yea, a reference from one of the biggest Apple trolls on PA. Sure the trolls keep telling me no one is listening, but I know at least they are, just more iHypocrisy.

29. AlikMalix unregistered

So you admit that you were full of it?

34. Finalflash

Posts: 4062; Member since: Jul 23, 2013

Oh yea, sometimes its just counter trolling and such. I mean even you started with good intentions here at PA but eventually you realized you can't take the trolls seriously and have to troll back sometimes.

39. AlikMalix unregistered

Wow, didn't expect that from you... Major props FF. you're absolutely right. I wouldn't be making such extreme statements of the negatives weren't so extreme.

2. jesus_sheep

Posts: 279; Member since: Apr 18, 2015

It is probably a "premium" malware like the isheeps say.

14. palmguy

Posts: 962; Member since: Mar 22, 2011

Nothing but the best for the Apple phone.

32. DoggyDangerous

Posts: 1028; Member since: Aug 28, 2015

targeting popular chinese apps, so must be a spying effort from US or may be. Just saying!

38. vincelongman

Posts: 5623; Member since: Feb 10, 2013

From the source: "Malware XcodeGhost Infects 39 iOS Apps, Including WeChat, Affecting Hundreds of Millions of Users" Taking "premium" malware and making it mainstream! /s

4. zig8100

Posts: 243; Member since: Dec 13, 2012

We dont get viruses! Ha!

42. ibend

Posts: 6747; Member since: Sep 30, 2014

its not viruses like the one on your androids, its premium malware.. android viruses may only get your useless personal data, but this premium malware can log every message u send/receive, your location, your browsing history, and other great function

5. Napalm_3nema

Posts: 2236; Member since: Jun 14, 2013

Why on earth would you download Xcode from a secondary source? Did the Baidu version somehow have a better price than "free"? https://developer.apple.com/xcode/download/

11. Taters

Posts: 6474; Member since: Jan 28, 2013

Because they are isheep...they do a lot things that make no sense, like overpay for Apple products for example...

16. Napalm_3nema

Posts: 2236; Member since: Jun 14, 2013

What you wrote makes absolutely no sense, since these were developers, and we are all dumber for having read your moronic tripe.

20. Taters

Posts: 6474; Member since: Jan 28, 2013

lol It makes perfect sense. Developers can be isheep too. Or is there some type of sheep social rules in the herds that I am not aware of where you can only be one or the other?

23. Napalm_3nema

Posts: 2236; Member since: Jun 14, 2013

I'll defer to your expert testimony as a blind follower of the majority.

37. PapaSmurf

Posts: 10457; Member since: May 14, 2012

You're dumb. Devs make more money on iOS and that's a fact. But keep trying to get those green thumbs from your fellow bashers. I heard it looks good on your resume when applying for a job.

43. Mister-Z-

Posts: 175; Member since: Sep 07, 2015

Since when did you become and giving credits to iFanatics? What green thumbs. ? Taters hates Apple and its users . that's including you. He doesn't give a toss if he gets "limited" for hating Apple and its iCults, iWorshipers. Since you are more afraid, that you stopped trolling. You would go mad if you was limited for 7days.

47. PapaSmurf

Posts: 10457; Member since: May 14, 2012

Lmao then you don't know me. Good try though. :)

49. Taters

Posts: 6474; Member since: Jan 28, 2013

I am dumb? Look in the mirror buddy because nothing I said has anything to do with how much money developers make. Context is the first thing you should have learned in school but apparently it doesn't apply to isheep. I think you have been grazing with Bobby Buster too much, the only thing you seem to care about is how much money people make.

6. Podrick

Posts: 1284; Member since: Aug 19, 2015

You are malwaring it wrong.

7. Ordinary

Posts: 2454; Member since: Apr 23, 2015

Where the fuc* is BobbyBuster when you need him?

8. Podrick

Posts: 1284; Member since: Aug 19, 2015

His brain got malware after reading this news.

13. Taters

Posts: 6474; Member since: Jan 28, 2013

He doesn't care about stuff like malware and usability and features. He just cares about if the company makes money or not. Upstanding gentleman that Bobby Buster is.

17. tedkord

Posts: 17131; Member since: Jun 17, 2009

He's at best Buy, drooling over the Note 5, wishing he could afford it.

35. javy108

Posts: 1004; Member since: Jul 27, 2014

Maybe he bought a life? He has money to bought any Apple 'premium' device thou.

40. kajam

Posts: 220; Member since: Jun 24, 2015

LMAO that's really funny

44. Mister-Z-

Posts: 175; Member since: Sep 07, 2015

You mean JakeLee.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.