XCodeGhost Malware on iOS Devices

XCodeGhost is the name of a modified, malicious version of Apple's official XCode development environment that is used for creating and publishing mobile iOS applications. XCodeGhost was first discovered back in 2015 and back then, reports claimed that it affected a relatively limited number of customers. Recent findings have shown that the number of affected iOS users was actually much higher than originally thought.

XCodeGhost creates malicious apps by injecting bad code inside the apps upon compiling them. Information revealed in documents made public in the Epic vs Apple lawsuit now show that the number of people who downloaded applications infected by XCodeGhost malicious code is actually over 120 million and the affected apps were around 25 hundred.

The applications were mainly installed by Chinese users and included hugely popular ones such as Angry Bird 2 and WeChat.

Apple, of course, took down the affected apps and planned to contact all affected users through email, informing them that they had downloaded malware-laced content on their devices. However, it seems this never happened. Vice called the XCodeGhost incident the "biggest iPhone hack".

Even though the majority of affected users were located in China, around 18 million of those who downloaded the bad apps were located in the US.

XCodeGhost apps could be downloaded on any mobile device running iOS. This includes iPhones, iPads and even iPod Touch models that were able to run the apps in question.

Once deployed on the iOS device, an app containing XCodeGhost code in it can do a number of malicious things on the compromised system. Information gathering and receiving commands from the malware's C2 servers are just the start of it.

The malware can obtain a lot of information from the device, such as current time, device type and name, language and country set in the device as well as the device universally unique identifier.

Researchers with Palo Alto Networks discovered that the malware could be commanded by the C2 servers to push a fake alert dialog box that could phish out the victim's credentials, as well as read clipboard strings, potentially snagging passwords that are not typed but handled by a mobile password manager.

The reason for the prevalence in Chinese infections with XCodeGhost malware is that, curiously enough, some Chinese developers did not want to wait for the official, legitimate Apple version of XCode to download from Chinese servers and instead obtained the malicious XCodeGhost version from alternative, bad sources.

May 24, 2021

Cyclonis Backup

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.