Last week, researchers disclosed some 39 iOS apps on Apple’s App Store infected by the ‘XcodeGhost’ malware. The bad news is that the infection has turned out to be far larger, with the discovery of more than 4,000 infected apps.
The XcodeGhost malware was distributed inside legitimate iOS apps that had been built with counterfeit versions of Apple’s app developer toolkit, Xcode.
XcodeGhost is a harmful and dangerous piece of malware capable of phishing credentials, infecting other apps, hijacking URLs, and stealing iCloud passwords from your device, then uploading them to the attacker’s servers without your knowledge.
After Apple had removed nearly 300 malware-ridden iOS apps from the App Store, FireEye researchers found more than 4,000 compromised apps.
The infected apps include the popular instant messaging app WeChat, the Chinese Uber-like cab service Didi Kuaidi, the photo editor Perfect365, the music streaming service NetEase, and the card scanning tool CamCard, all of which were built with the malicious Xcode.
But where does the CIA come into the picture?
The technique used by XCodeGhost is similar to that developed by Central Intelligence Agency (CIA) researchers and reported by The Intercept in March this year, citing the documents leaked by Edward Snowden.
The leaked documents claimed that the CIA detailed a way to manipulate Xcode in order to add backdoors into iOS apps without the knowledge of the developers.
The iOS apps built using the modified version of Xcode could enable spies to steal passwords and grab messages from the infected devices, as well as send that data to a command center of their choice.
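The attack described above works because every app compiled with a tampered toolkit inherits the implant, so the defender's check is on the toolchain itself, not on individual apps. The following script, added here as an illustration and not code from the original article or from any of the parties it names, records a SHA-256 manifest of a known-good tool directory and later compares the live tree against it, flagging modified, added and missing files. The `FakeXcode.app` tree, the file contents and the injected `injected_payload.dylib` are constructed sample data for the demo, not real Xcode paths.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of one file, streamed so large compiler binaries are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (path relative to root) to its SHA-256.
    Symlinks are skipped so an attacker cannot satisfy the check by linking elsewhere."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            manifest[str(p.relative_to(root))] = hash_file(p)
    return manifest


def verify_toolchain(root: Path, trusted: dict) -> dict:
    """Compare the live tree against a trusted manifest captured from a clean install.
    Returns sorted lists under 'modified', 'added' and 'missing'."""
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in trusted if k in current and current[k] != trusted[k]),
        "added": sorted(k for k in current if k not in trusted),
        "missing": sorted(k for k in trusted if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: take a manifest of a clean tool directory, then tamper
    with it the way a counterfeit toolkit would (a replaced linker and an extra
    library dropped in) and show that the comparison reports both changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "FakeXcode.app"          # hypothetical tree, not a real install
        dev = root / "Contents" / "Developer"
        dev.mkdir(parents=True)
        (dev / "clang").write_bytes(b"original compiler bytes")   # constructed content
        (dev / "ld").write_bytes(b"original linker bytes")        # constructed content
        trusted = build_manifest(root)               # baseline from the clean tree

        # Simulate the poisoned toolkit: linker swapped, payload library injected.
        (dev / "ld").write_bytes(b"patched linker bytes")
        (dev / "injected_payload.dylib").write_bytes(b"attacker payload")  # constructed
        return verify_toolchain(root, trusted)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The baseline manifest must come from a toolkit obtained through Apple's own distribution channel and be stored outside the machine being checked; a manifest produced from an already-poisoned download would simply bless the implant. On macOS the same idea is available natively through code-signature validation (`spctl --assess --verbose /Applications/Xcode.app`), which is the check Apple itself later recommended.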
The documents didn’t make it clear how the CIA and other intelligence agencies would “get developers to use the poisoned version of Xcode.”
But now we may know how.
The answer could be XcodeGhost, whose capabilities are very similar to those of the CIA approach, and which infects iOS apps in the same way.
Apple has assured its customers that it is working to remove the infected apps from its App Store, but it has not yet responded to questions about whether it was aware of the CIA’s techniques for compromising Xcode.