Apple App Store Update: 39 Malicious Apps Made through Xcode Ghost Discovered and Removed

Apple's "impregnable" security features were put to the test when hackers developed a way to phish personal information from users through compromised apps in the Apple App Store.

A total of 39 apps were discovered to be malware and were deleted from the App Store. The list consists of popular Chinese apps such as Didi Kuaidi, WeChat, and CamCard.

A modified version of Xcode, the code development tool for iOS and Mac, was discovered and has been a topic of discussion among Chinese app developers on Weibo, the Chinese version of Twitter.

On the popular Chinese forum V2EX, a user named realpg shared his experience using the modified version of Xcode, dubbed Xcode Ghost, and its potential for phishing valuable personal information such as Apple IDs.

realpg said that they tried to make a simple offline iOS app using Xcode Ghost and tested it on their special testing iPhone, which was not jailbroken. Even though the app they developed doesn't require an internet connection, it would frequently prompt a dialog asking for the user's iCloud password.

Based on realpg's account of his personal experience using Xcode Ghost, Palo Alto Networks, an online security company, said that the possible objective of Xcode Ghost is to steal valuable information and exploit security vulnerabilities in iOS.

Palo Alto Networks said that "the malicious code that Xcode Ghost embedded into infected iOS apps is capable of receiving commands from the attacker through the C2 server to Prompt a fake alert dialog to phish user credentials; Hijack opening specific URLs based on their scheme, which could allow for exploitation of vulnerabilities in the iOS system or other iOS apps; Read and write data in the user's clipboard, which could be used to read the user's password if that password is copied from a password management tool."

Apple spokeswoman Christine Monaghan told Reuters that the company has removed from the App Store the apps that it knows were created with Xcode Ghost.

"We are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps," said Monaghan.
