More than 4,000 iOS apps compromised by XcodeGhost, says FireEye

Snowden documents uncover CIA-developed Xcode exploit that resembles XcodeGhost

XcodeGhost, the malware that infiltrated the Apple App Store through tampered copies of Apple's Xcode development tool, compromised more than 4,000 iOS apps, according to research by security firm FireEye.

This is up significantly from the earlier estimate of 39 compromised apps made by Palo Alto Networks, which first highlighted the malware in blog posts last week. The malicious code collects device and app information and sends it to a command and control server, Palo Alto explained.

Another security firm, Appthority, came out with a much lower estimate – 476 compromised iOS apps. In addition, Appthority downplayed the risks to enterprises from the malware.

"The identified versions of XCodeGhost actually behaved more like AdWare or tracking frameworks rather than malicious malware, and we don't see it as an immediate security threat….Enterprises should keep their devices always up to date regarding app and iOS system updates," Appthority advised in a blog post.

Similarly, FireEye advised enterprises to notify their employees about XcodeGhost and make sure employees update all their apps to the latest versions.

In response to the initial reports about XcodeGhost, Apple began removing more than 300 malware-infected apps from the App Store, The Guardian newspaper reported. "We've removed the apps from the app store that we know have been created with this counterfeit software," an Apple spokeswoman told the newspaper in an email.

Apple published on its Chinese website a list of the top 25 most popular apps compromised by XcodeGhost. These include WeChat, China Unicom Customer Service and Angry Birds 2.

"We have no information to suggest that the malware has been used to do anything malicious or that this exploit would have delivered any personally identifiable information had it been used. We're not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords," Apple said on the site.

Interestingly, documents from Edward Snowden obtained by The Intercept in March of this year indicated that the CIA had developed a modified version of Xcode that would let the agency insert surveillance backdoors into App Store apps built with it.

For more:
- check out the FireEye blog post
- see the Appthority blog post
- read the Apple XcodeGhost statement
