The Blog

XcodeGhost IOS Malware Found in Many Apps in the Apple App Store

Maribeth WardTech Tips0 Comments

Researchers recently found a piece of IOS malware called XcodeGhost in a number of apps in the Apple App Store. The creators of this malware were able to sneak malicious code into apps without the app developers’ knowledge. XcodeGhost can steal data and potentially trick people into providing personally identifiable information.

The malware removes information off the device like the device’s name, country and unique identifiers. It may also be able to push dialogue boxes to your iPhone or iPad screen. Basically, the creators of the malware could use one of these dialogues to steal your username and password or other personal information.

It may also be able to open websites in your mobile browser, which could be used for a variety of purposes including phishing and installing other malicious software.

The number of apps involved has not been totaled yet but one Chinese firm has estimated at least 344 apps are affected.

According to Apple spokesperson Christine Monaghan, “Apple has removed the apps from the App Store and they are working with developers to make sure they are using the proper version of Xcode in rebuilding their apps.” Apple also suggests it is good practice to change your iCloud password whenever these type of attacks take place.

Anyone who has one of the apps should update if an update is available or delete them immediately and wait until a developer releases a new version without the malicious code.

Be wary of any suspicious emails or push notifications to your device asking for personal information. If you have used your Apple ID password on any other accounts, you should change the password for those accounts.

The security hole created with the malware allows people to use Siri to access an iPhone owner’s private data is extremely easy to exploit. Here’s how it works:

On any PIN-protected device running iOS 9, enter an incorrect PIN four times. On the fifth attempt, enter just three numbers (iOS locks for one minute after five incorrect PIN attempts) and then hold down the home button to bring up Siri as you enter the fourth.

This allows anyone to access all the private photos on the device as well as all the contacts. And, this is while the phone is still locked.

Preventing this from happening is actually quite simple. You have to disable access to Siri while the phone is locked by opening the settings app and tapping “Touch ID & Passcode.” Then scroll to the “Allow access when locked” section and slide the toggle next to Siri to off. Siri is enabled by default on the lock screen so most users are running iOS 9 are currently exposed.

Many of the apps are from China but several popular ones in the United States are also affected. These include WeChat, Angry Bird and CamCard Business. Here is a partial list of iOS apps built using the counterfeit version of Xcode:

eChat
DiDi Taxi
58 Classified
Railroad 12306
Flush
China Unicom Customer Service (Official Version)
CarrotFantasy 2: Daily Battle
Miraculous Warmth
Call Me MT 2–Multi-server version
Angry Bird 2 –Yifeng Li’s Favorite
Baidu Music–music player with downloads, ringtones, music videos, radio and karaoke
DuoDuo Ringtone
DuoDuo Ringtone
NetEase Music
Foreign harbor
Battle of Freedom
One Piece–Embark
Let’s Cook
Heroes of Order & Chaos–Multiplayer Online Game
Dark Dawn–Under the Icing City
I like Being With You
Himalaya FM
CarrotFantasy
Flush HD
Encounter
Crazy Fishing Saga
Crazy Fish 2
Pop Owls
Candy Crazy Fish
Sea Diamond
Fishing Ares
Pet Forest
Multi-Attach Mail
CamCard Business
CamScanner Free
CamScanner Pro
WeChat
WinZip
OPlayer HD Lite
LifeSmart
10000+ Wallpapers for iOS 8, iOS 7, iPod and iPad
Magic Liker for Instagram
Maya Mysterious Realm Free Slots Vegas Casino
Device Tracker for iPhone iPad
Beauty Salon Monster Girls Makeover
Crazy Bubble OL
MyChevy
Excavator Stunt 2015
Parking 3D
Little Miss Party Girls–Music Festival Salon
Forscam
Celebrity Fashion Stylist Salon

This is only a partial list of known affected apps. You should check the Apple App Store website for a list of known infected apps.

At WynWay, we provide technology services to clients across the country while being locally owned and operated in Greencastle, Indiana. Feel free to stop into our office between 2:30 and 7 p.m. Monday through Friday.

Our services include, but are not limited to:
Mac repair
PC repair
Smart phone repair
Printer setup
Virus removal
Personal Training
Personal Monthly Tech Support
Business Monthly Tech Support

Are we missing something that you need? Contact us and we can work together to find a solution.

Leave a Reply

Your email address will not be published. Required fields are marked *