How to Check Apps infected by XcodeGhost Malware

Apple has undoubtedly built a security wall that is not easily breached. In fact, strong security has long been one of the selling points Apple uses to promote its products, and it is why users have worried little about malware and viruses. Recently, however, news of a new malware affecting some iOS apps surfaced on a Chinese microblogging service. According to posts on Sina Weibo, Chinese developers published essential information on XcodeGhost; details of the malware were also released by the US cyber security firm Palo Alto Networks. We would like to give some more facts and figures about XcodeGhost.

About XcodeGhost and its Effect

Xcode is Apple’s official tool that developers use to build iOS and OS X apps. XcodeGhost is iOS malware that originates from a malicious, modified version of Xcode: every app compiled with the tampered toolchain carries the malicious code. The malware has reached iPhone, iPad and iPod touch devices running any iOS version compatible with one of the affected apps; if you think it can only affect jailbroken devices, you are mistaken. It is also found on non-jailbroken devices.

XcodeGhost has affected more than 500 million iOS users. The malware infected WeChat, and because WeChat is a popular messaging app in China and the Asia-Pacific region, the number of affected users grew accordingly. All unofficial versions between Xcode 6.1 and Xcode 6.4 are affected by XcodeGhost.

List of Affected Apps

Palo Alto Networks listed around 50 affected apps:

  • WeChat
  • Didi Chuxing (developed by Uber’s biggest rival in China Didi Kuaidi)
  • Angry Birds 2
  • NetEase
  • Micro Channel
  • IFlyTek input
  • Railway 12306 (the only official app used for buying train tickets in China)
  • The Kitchen
  • Card Safe
  • CITIC Bank move card space
  • China Unicom Mobile Office
  • High German map
  • Jane book
  • Eyes Wide
  • Lifesmart
  • Mara Mara
  • Medicine to force
  • Himalayan
  • Pocket billing
  • Flush
  • Quick asked the doctor
  • Lazy weekend
  • Microblogging camera
  • Watercress reading
  • CamScanner
  • CamCard (a very popular business card reader.)
  • SegmentFault
  • Stocks open class
  • Hot stock market
  • Three new board
  • The driver drops
  • OPlayer
  • Telephone attribution assistant
  • Marital bed
  • Poor tour
  • I called MT
  • I called MT 2
  • Freedom Battle

How did this happen?

The malicious Xcode was first uploaded to Baidu, a Chinese cloud file-sharing service. From there, some iOS developers unwittingly downloaded the infected version of Xcode and used it to build their iOS apps. The resulting infected apps were then submitted to the App Store, passed Apple’s app review process, and were finally installed or updated by iOS users.

How are your iOS devices in danger?

The malware can collect data from your iOS device, encrypt it, and upload it to command-and-control servers operated by the attackers, communicating over plain HTTP. The data it can collect includes:

  • Current time
  • Current infected app’s name
  • The app’s bundle identifier
  • Current device’s name and type
  • Current system’s language and country
  • Current device’s UUID
  • Network type

Users affected outside China…

Many iOS apps affected by XcodeGhost are available on the App Store in countries other than China. CamCard and WeChat, for example, are used across the globe: CamCard is a business card reader and scanner app, and WeChat is a popular messaging app.

How are Apple and Chinese developers tackling this challenge?

Palo Alto Networks is dealing with this issue in association with Apple; at the same time, many developers have already updated their apps to remove the malicious code.

Moreover, Apple has issued a statement to Reuters: “We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

Finally, how should you protect your device against XcodeGhost?

If you use an iOS device, uninstall any affected app immediately, or better, update it to a newer version that is no longer infected. It is also advisable to reset your iCloud password and the other passwords stored on your iOS device. Developers should download the official Xcode 7 or Xcode 7.1 beta from Apple’s website, which is free, rather than from any third-party mirror.
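As an added example (not from the original article), here is the check a developer can run on the Mac to confirm that the installed Xcode is Apple-signed rather than a repackaged copy from a mirror: Gatekeeper’s `spctl --assess` verdict. The path /Applications/Xcode.app and the accepted output strings are this example’s assumptions, taken from Apple’s published guidance for this check.

```shell
#!/bin/sh
# Added example, not from the article: verify that the Xcode used for
# builds carries Apple's signature. A genuine Xcode.app is reported by
# Gatekeeper as "accepted" with a source of "Apple", "Apple System" or
# "Mac App Store"; a bundle modified after download fails this check.

XCODE_APP="${XCODE_APP:-/Applications/Xcode.app}"   # assumed default path

# Decide from the text spctl printed. Returns 0 only when the bundle was
# accepted AND the signing source is one Apple distributes Xcode through.
assess_output_ok() {
    _out="$1"
    # verdict line looks like "/Applications/Xcode.app: accepted"
    printf '%s\n' "$_out" | grep -q ': accepted$' || return 1
    # provenance line looks like "source=Apple"
    printf '%s\n' "$_out" | grep -Eq '^source=(Apple|Apple System|Mac App Store)$' || return 1
    return 0
}

# Run Gatekeeper's assessment against the real bundle (macOS only) and
# interpret it with assess_output_ok. Exit codes: 0 genuine, 1 rejected,
# 2 the check could not run.
check_xcode() {
    _app="${1:-$XCODE_APP}"
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not found; run this check on the Mac that builds the app" >&2
        return 2
    fi
    # --verbose adds the "source=..." line to the accepted/rejected verdict
    _out=$(spctl --assess --verbose "$_app" 2>&1)
    if assess_output_ok "$_out"; then
        echo "OK: $_app is Apple-signed"
        return 0
    fi
    echo "WARNING: $_app failed Gatekeeper assessment, do not build with it:" >&2
    echo "$_out" >&2
    return 1
}
```

Run `check_xcode` on the build machine; a rejected verdict means the toolchain should be discarded and re-downloaded from Apple before any app is rebuilt and resubmitted.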

Is your iOS device infected by XcodeGhost? Check it yourself…

If you want to check whether your device is affected, you can use Pangu’s tool. Pangu is a popular website that has released many jailbreak programs for iOS users. The tool checks whether any of your installed iOS apps is affected by XcodeGhost. Follow this simple method:

Step #1. First off, open the XcodeGhost tool page in Safari or Google Chrome on your iOS device.

Step #2. Tap on the blue button that reads “立即下载”.

Step #3. Tap ‘Install’ when asked.

Step #4. Give this tool trusted access: go to Settings > General > Profiles > select “Shenzhen Avaintel Technology” > tap “Trust”.

Step #5. Return to the home screen.

Step #6. Tap Pangu’s app.

Step #7. Press the blue button that reads “点击检测Xcode病毒”.

Once Pangu’s tool completes its scan, a large green check mark means your device is not infected by XcodeGhost. If the tool detects the malware, it indicates which app is affected so that you can delete it. If your iOS device is infected with XcodeGhost and the infected app is not on our list, please let us know in the comments.
