Apple Inc. is currently cleaning up its iOS App Store to eliminate malicious iPhone and iPad programs recognized in the first extensive attack on the popular software outlet. Usually, these types of malware have only been able to affect jailbroken phones. When malware succeeds in getting through Apple's App Store policies and defense walls, it's a big deal and creates quite the stir. Apple disclosed the effort to clean up it's devices after numerous cyber security organizations reported locating a malicious program called XcodeGhost that was embedded in hundreds of legitimate apps.
What is XcodeGhost?
Xcode is Apple's programming structure that developers use to create apps you use and the games you play. A modified version of the system is responsible for the issues we have seen in the last couple of days. XcodeGhost uses an older version of Xcode to inject malicious functionality into apps without the developer’s knowledge. Any app made using the compromised version of Xcode is possibly affected.
XcodeGhost sits in the background of legitimate apps and mines them for data. Once the affected app launches, it starts gathering. What it looks for includes the title of the infected app, the app bundle identifier (a code specific to the developer and app set during submission), the device's name and type, whereabouts and language information, network info, and the device's "identifier for vendor" (a code that assists in linking apps from the same developer running on the same device).
Once it has this information, XcodeGhost sends it to an external server where the malware can then receive instructions from the server that could end up making your iOS device open web pages or create false prompts to trick you into inputting your Apple ID and password. It could even possibly access data in your clipboard to steal passwords you have stored in a management app.
What are the apps?
This page is actively adding apps to the list of those affected by XcodeGhost.
In the meantime, it's recommended that:
- If you have one of the apps listed, update them if one is available, or delete them right away and wait until a new version is released with the malicious code removed.
- If one of these apps is running on your device, change your Apple ID password and be wary of any suspicious emails or push notifications to your device asking for personal data.
- In general, be suspicious of apps pushing information exchange boxes to your device asking for personal data, without first being aware of who is asking for it.
- If you used your Apple ID password on any other accounts, you should change those accounts too.