Apple lists top 25 apps affected by XcodeGhost malware infiltration

Posted:
in iPhone edited September 2015
Apple has published a list of the top 25 iOS apps impacted by China's XcodeGhost hack, the next step in a continued effort to rid infected devices of tainted software distributed through the iOS App Store.




In posting the app list to its XcodeGhost FAQ on Thursday, Apple intends to stamp out remaining copies of malware users might have inadvertently downloaded over the weekend. The company urges customers to update impacted apps immediately, noting titles not currently on the App Store should return soon.

"After the top 25 impacted apps, the number of impacted users drops significantly," Apple says, adding that it is working directly with developers to get affected apps back up for download.

Apple's list of the top 25 apps affected by XcodeGhost (asterisks denote titles not currently available from the App Store):
  • WeChat
  • DiDi Taxi
  • 58 Classified - Job, Used Cars, Rent
  • Gaode Map - Driving and Public Transportation
  • Railroad 12306
  • Flush
  • China Unicom Customer Service (Official Version)*
  • CarrotFantasy 2: Daily Battle*
  • Miraculous Warmth
  • Call Me MT 2 - Multi-server version
  • Angry Bird 2 - Yifeng Li's Favorite*
  • Baidu Music - A Music Player that has Downloads, Ringtones, Music Videos, Radio, and Karaoke
  • DuoDuo Ringtone
  • NetEase Music - An Essential for Radio and Song Download
  • Foreign Harbor - The Hottest Platform for Oversea Shopping*
  • Battle of Freedom (The MOBA mobile game)
  • One Piece - Embark (Officially Authorized)*
  • Let's Cook - Receipes [sic]
    Heroes of Order & Chaos - Multiplayer Online Game*
  • Dark Dawn - Under the Icing City (the first mobile game sponsored by Fan BingBing)*
  • I Like Being With You*
  • Himalaya FM (Audio Book Community)
  • CarrotFantasy*
  • Flush HD
  • Encounter - Local Chatting Tool
The XcodeGhost exploit was outed on Monday as a rogue version of Apple's official Xcode development software, deployed by an unknown party to surreptitiously infect legitimate apps and mine user data. Developers unwittingly installed and used the modified Xcode version to write and upload apps to the App Store.

At the time, Apple did not host an official copy of its development software on Chinese servers, meaning Mac App Store versions were much slower to download than those offered through local channels. As a workaround, some developers opted to download Xcode from local providers outside of Apple's purview. In this case, XcodeGhost was allowed to proliferate by masquerading as a legitimate copy of Xcode on cloud storage servers run by Baidu.

All known instances of XcodeGhost have since been removed, while Apple has promised to host Xcode on Chinese servers. Apple also wiped the App Store of offending apps and is currently blocking submissions containing the malware.

Comments

  • Reply 1 of 17
    There's a lot of weird sounding stuff on the Chinese App Store I must say.
  • Reply 2 of 17
    Amazing how Apple is able to take these steps to re-secure its servers so quickly.
    Trust is so important.
    Can Google do the same with the Android store?
    I know who I am edging my bet with
  • Reply 3 of 17
    Carrot Fantasy?

    Also amazing that developers of all people downloaded their dev tools from any old supplier online of the software, instead of the official source, even though the software is free.

    Infecting the dev tools has long been known as a good route for infecting applications built by the dev tools. It's one of the standard examples given in a decent security course at university.
  • Reply 4 of 17
    Never ever ever use software from any of these companies ever again. Never. Ever.

    It's one thing for a developer to download Xcode from some random place, disable gatekeeper on their laptop, and develop using it.

    It's another thing altogether for a software company to release a customer build without using a pristine quarantined build environment. This is software engineering 101. C'mon this is 2015 people, not 1985!

    These are not software companies one should ever trust. Whilst Apple do a splendid in of curating the store - they had assumed their developers were doing basic software engineering. Clearly that is a dubious assumption.
  • Reply 5 of 17
    Apple should ban these companies. I don't download generic apps. Which these fall into that category. There needs to be a certain standard like everything else. These companies fail to fit that standard.
  • Reply 6 of 17
    Apple should ban these companies. I don't download generic apps. Which these fall into that category. There needs to be a certain standard like everything else. These companies fail to fit that standard.

    ...WeChat isn't a generic app...
  • Reply 7 of 17
    mike1mike1 Posts: 2,754member

    "Let's Cook - Receipes [sic]"

     

    Seriously, who in the western world would download an app with a misspelling. The equivalent of an e-mail from Petra looking for much loves from a new mans.

  • Reply 8 of 17

    They said that Angry Bird 2 was only in China not the U.S.A. I had it on my phone only 1 day didn't like it so I took it off, glad I did!

  • Reply 9 of 17
    misamisa Posts: 827member
    hattig wrote: »
    Carrot Fantasy?

    Also amazing that developers of all people downloaded their dev tools from any old supplier online of the software, instead of the official source, even though the software is free.

    Infecting the dev tools has long been known as a good route for infecting applications built by the dev tools. It's one of the standard examples given in a decent security course at university.

    I remember years and years and years ago that "the compiler compiling itself" was the utmost top of the most proof-of-concept of malicious software, where you can't remove the malicious software because everything compiled on the system has it. Literately you would have to delete all binaries on a system and install the oldest version of the OS that doesn't have the malicious code in the OS and compiler. The only thing more malicious is malware that infects EFI and reinstalls itself (Which has ALSO been done.) Anything harder requires doing risky things like freezing the RAM unplugging it editing the memory and replacing it while the computer is suspended.

    Like who knows what else was installed on to the systems that did the compiling. For all the developers know, the entire system should be suspect, and wiped out and reinstalled.
    jdunys wrote: »
    Amazing how Apple is able to take these steps to re-secure its servers so quickly.
    Trust is so important.
    Can Google do the same with the Android store?
    I know who I am edging my bet with

    Nope. Google can't do anything but reactive removals. There is just too much cruft on their platform to ever remove anything malicious unless it was "generically" malicious (eg something that can be found with "grep")
  • Reply 10 of 17
    lkrupplkrupp Posts: 9,472member

    Only apps on the App Store serving Greater China were infected."

     

    This is from the 9to5 Mac website. Some tech sites mention this, others do not. So why the confusion, why the inconsistency of reporting? What is the truth? Did any of these apps make it out of China? When this article says Apple App Store the average U.S. user will assume that means THEIR app store.

     

    This is the kind of inept tech reporting that drives me crazy. The most important information, DID IT AFFECT ME, is left out completely. It almost seems intentional.

  • Reply 11 of 17

    Angry Birds 2 is the only one I downloaded. Uninstalled it pretty quickly too so I should be fine.

  • Reply 12 of 17
    WeChat just update the latest version a week before the breakout, what makes their developer install the genuine Xcode?....hum....
  • Reply 13 of 17
    Quote:

    ...

    All known instances of XcodeGhost have since been removed, while Apple has promised to host Xcode on Chinese servers. Apple also wiped the App Store of offending apps and is currently blocking submissions containing the malware.

     

    I asked this on another thread, but by that time, it had already been hijacked. Why isn't Apple also disabling the apps as it finds them? The fabled app "kill switch" that everyone was aghast about when Jobs confirmed it's existence?

     

    It must not exist, since I can't imagine a better time to use it.

  • Reply 14 of 17
    mbsmd wrote: »
    There's a lot of weird sounding stuff on the Chinese App Store I must say.

    "Miraculous Warmth"

    LOL
  • Reply 15 of 17
    lkrupplkrupp Posts: 9,472member
    Quote:

    Originally Posted by colm View Post

     

    Angry Birds 2 is the only one I downloaded. Uninstalled it pretty quickly too so I should be fine.




    Can’t you read? Did you download it from the Chinese App Store? If not then you DO NOT have an infected app. Jesus Christ on the Cross this is how bullshit gets spread around.

  • Reply 16 of 17
    haggarhaggar Posts: 1,568member
    Quote:

    Originally Posted by stompy View Post

     

     

    I asked this on another thread, but by that time, it had already been hijacked. Why isn't Apple also disabling the apps as it finds them? The fabled app "kill switch" that everyone was aghast about when Jobs confirmed it's existence?

     

    It must not exist, since I can't imagine a better time to use it.




    I'm curious to know this as well.  Just removing the offending apps from the App Store does not prevent already installed copies from running.

  • Reply 17 of 17

    Ok calm down! haha

Sign In or Register to comment.