There were reports recently about a new type of malware called XcodeGhost which may trick app developers into embedding malicious software into your Apple devices' applications. According to theintercept,
"The malware, called XcodeGhost, works by corrupting Apple's Xcode software. If a developer has XcodeGhost installed in their computer, apps that they compile may include the malware without the developer realizing it. The techniques it uses were previously developed and demonstrated by Central Intelligence Agency researchers at the CIA's annual top-secret Jamboree conference in 2012."
Experts are now carefully analyzing onto what extent the said Apple device malware has reached into the App Store. As to their findings, the App store currently contains at least 50 apps having the XcodeGhost malware, which includes WeChat. And if Apple users would not be careful with this XcodeGhost malware they may end up revealing their credentials such as their iCloud password.
The tech giant Apple was quick to response with threat of the known Apple device malware undermining the App Store. Apple developed an alert that would notify users if the downloaded app is infected with a malware coming from the App Store. Apple wrote via mashable that;
"Customers will be receiving more information letting them know if they've downloaded an app that could have been compromised. Once a developer updates their app, that will fix the issue on the user's device once they apply that update."
The company is already working closely with some developers in order to check affected apps and put them back into the App Store as soon as possible for customers to continue enjoying the apps and their updates. However, with regards to the effect of the XcodeGhost to users and their Apple devices, Apple denied that Apple IDs and passwords are also at risk. According to mashable Apple stated that;
"We're not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords. Malicious code could only have been able to deliver some general information such as the apps and general system information."
What are your thoughts regarding this highly intelligent malware? Share your thoughts below.
