Apple lists top 25 apps affected by XcodeGhost malware infiltration

Posted in iPhone, edited September 2015
Apple has published a list of the top 25 iOS apps impacted by China's XcodeGhost hack, the next step in a continued effort to rid infected devices of tainted software distributed through the iOS App Store.




In posting the app list to its XcodeGhost FAQ on Thursday, Apple intends to stamp out remaining copies of malware users might have inadvertently downloaded over the weekend. The company urges customers to update impacted apps immediately, noting titles not currently on the App Store should return soon.

"After the top 25 impacted apps, the number of impacted users drops significantly," Apple says, adding that it is working directly with developers to get affected apps back up for download.

Apple's list of the top 25 apps affected by XcodeGhost (asterisks denote titles not currently available from the App Store):
  • WeChat
  • DiDi Taxi
  • 58 Classified - Job, Used Cars, Rent
  • Gaode Map - Driving and Public Transportation
  • Railroad 12306
  • Flush
  • China Unicom Customer Service (Official Version)*
  • CarrotFantasy 2: Daily Battle*
  • Miraculous Warmth
  • Call Me MT 2 - Multi-server version
  • Angry Bird 2 - Yifeng Li's Favorite*
  • Baidu Music - A Music Player that has Downloads, Ringtones, Music Videos, Radio, and Karaoke
  • DuoDuo Ringtone
  • NetEase Music - An Essential for Radio and Song Download
  • Foreign Harbor - The Hottest Platform for Oversea Shopping*
  • Battle of Freedom (The MOBA mobile game)
  • One Piece - Embark (Officially Authorized)*
  • Let's Cook - Receipes [sic]
  • Heroes of Order & Chaos - Multiplayer Online Game*
  • Dark Dawn - Under the Icing City (the first mobile game sponsored by Fan BingBing)*
  • I Like Being With You*
  • Himalaya FM (Audio Book Community)
  • CarrotFantasy*
  • Flush HD
  • Encounter - Local Chatting Tool
The XcodeGhost malware was identified on Monday as a rogue version of Apple's official Xcode development software, distributed by an unknown party to surreptitiously infect legitimate apps and harvest user data. Developers unwittingly installed the modified Xcode and used it to build and upload apps to the App Store.

At the time, Apple did not host an official copy of its development software on Chinese servers, meaning Mac App Store versions were much slower to download than those offered through local channels. As a workaround, some developers opted to download Xcode from local providers outside of Apple's purview. In this case, XcodeGhost was allowed to proliferate by masquerading as a legitimate copy of Xcode on cloud storage servers run by Baidu.

All known instances of XcodeGhost have since been removed, while Apple has promised to host Xcode on Chinese servers. Apple also wiped the App Store of offending apps and is currently blocking submissions containing the malware.
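The article traces the outbreak to developers installing Xcode from third-party mirrors rather than from Apple. The check a build engineer wants before trusting a downloaded Xcode is whether Gatekeeper attributes the bundle to Apple, and the POSIX shell script below is an added example of that check, not code from the article or from Apple. It assumes that `spctl --assess --verbose` prints `<path>: accepted` (or `rejected`) followed by a `source=<origin>` line, and that Apple's own origins are `Mac App Store`, `Apple` and `Apple System`; a bundle re-signed by anyone else reports a different source and is treated as untrusted even when Gatekeeper accepts it. The sample outputs are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the article or Apple): decide whether a Gatekeeper
# assessment of an Xcode.app bundle shows it was distributed by Apple.
# Assumed output format of `spctl --assess --verbose`:
#   <path>: accepted|rejected
#   source=<origin>
# Constructed sample outputs used for the offline demonstration below.
SAMPLE_ACCEPTED_MAS="/Applications/Xcode.app: accepted
source=Mac App Store"
SAMPLE_REJECTED="/Applications/Xcode.app: rejected
source=no usable signature"
SAMPLE_THIRD_PARTY="/Applications/Xcode.app: accepted
source=Developer ID"

# xcode_source_trusted "<spctl output>"
# Returns 0 only when the verdict is "accepted" AND the origin is one Apple
# ships Xcode through (assumed set: Mac App Store, Apple, Apple System).
# Any other origin, a rejection, or empty output returns 1.
xcode_source_trusted() {
    out="$1"
    # First line: "<path>: <verdict>" -> keep the trailing word.
    verdict=$(printf '%s\n' "$out" | sed -n 's/^.*: *\([a-z]*\)$/\1/p' | head -n 1)
    # "source=<origin>" line -> keep the origin.
    origin=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    [ "$verdict" = "accepted" ] || return 1
    case "$origin" in
        "Mac App Store"|"Apple"|"Apple System") return 0 ;;
        *) return 1 ;;
    esac
}

# verify_installed_xcode [path]
# Runs the real assessment on a macOS host (default bundle path assumed).
# Returns 2 when spctl is not available, otherwise the verdict from above.
verify_installed_xcode() {
    app="${1:-/Applications/Xcode.app}"
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not found; run this on the macOS build host" >&2
        return 2
    fi
    # spctl may write its verdict to stderr, so merge both streams.
    xcode_source_trusted "$(spctl --assess --verbose "$app" 2>&1)"
}

# Offline demonstration over the constructed samples.
for s in "$SAMPLE_ACCEPTED_MAS" "$SAMPLE_REJECTED" "$SAMPLE_THIRD_PARTY"; do
    one_line=$(printf '%s' "$s" | tr '\n' ' ')
    if xcode_source_trusted "$s"; then
        echo "trusted:   $one_line"
    else
        echo "untrusted: $one_line"
    fi
done
```

On a build host, `verify_installed_xcode /Applications/Xcode.app` gives a non-zero exit for anything other than an Apple-originated bundle, which makes it easy to gate a CI job on the result; the Developer ID sample is the case worth noting, since a re-signed copy passes Gatekeeper's signature check while still not being Apple's build.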

Comments

  • Reply 1 of 17
    There's a lot of weird sounding stuff on the Chinese App Store I must say.
  • Reply 2 of 17
    Amazing how Apple is able to take these steps to re-secure its servers so quickly.
    Trust is so important.
    Can Google do the same with the Android store?
    I know who I am hedging my bet with
  • Reply 3 of 17
    Carrot Fantasy?

    Also amazing that developers of all people downloaded their dev tools from any old supplier online of the software, instead of the official source, even though the software is free.

    Infecting the dev tools has long been known as a good route for infecting applications built by the dev tools. It's one of the standard examples given in a decent security course at university.
  • Reply 4 of 17
    Never ever ever use software from any of these companies ever again. Never. Ever.

    It's one thing for a developer to download Xcode from some random place, disable gatekeeper on their laptop, and develop using it.

    It's another thing altogether for a software company to release a customer build without using a pristine quarantined build environment. This is software engineering 101. C'mon this is 2015 people, not 1985!

    These are not software companies one should ever trust. Whilst Apple do a splendid job of curating the store - they had assumed their developers were doing basic software engineering. Clearly that is a dubious assumption.
  • Reply 5 of 17
    Apple should ban these companies. I don't download generic apps. Which these fall into that category. There needs to be a certain standard like everything else. These companies fail to fit that standard.
  • Reply 6 of 17
    Apple should ban these companies. I don't download generic apps. Which these fall into that category. There needs to be a certain standard like everything else. These companies fail to fit that standard.

    ...WeChat isn't a generic app...
  • Reply 7 of 17
    mike1 (Posts: 3,286)

    "Let's Cook - Receipes [sic]"


    Seriously, who in the western world would download an app with a misspelling. The equivalent of an e-mail from Petra looking for much loves from a new mans.

  • Reply 8 of 17

    They said that Angry Bird 2 was only in China, not the U.S.A. I had it on my phone only 1 day, didn't like it, so I took it off; glad I did!

  • Reply 9 of 17
    misa (Posts: 827)
    hattig wrote: »
    Carrot Fantasy?

    Also amazing that developers of all people downloaded their dev tools from any old supplier online of the software, instead of the official source, even though the software is free.

    Infecting the dev tools has long been known as a good route for infecting applications built by the dev tools. It's one of the standard examples given in a decent security course at university.

    I remember years and years and years ago that "the compiler compiling itself" was the utmost top of the most proof-of-concept of malicious software, where you can't remove the malicious software because everything compiled on the system has it. Literally you would have to delete all binaries on a system and install the oldest version of the OS that doesn't have the malicious code in the OS and compiler. The only thing more malicious is malware that infects EFI and reinstalls itself (which has ALSO been done). Anything harder requires doing risky things like freezing the RAM, unplugging it, editing the memory and replacing it while the computer is suspended.

    Like who knows what else was installed on to the systems that did the compiling. For all the developers know, the entire system should be suspect, and wiped out and reinstalled.
    jdunys wrote: »
    Amazing how Apple is able to take these steps to re-secure its servers so quickly.
    Trust is so important.
    Can Google do the same with the Android store?
    I know who I am hedging my bet with

    Nope. Google can't do anything but reactive removals. There is just too much cruft on their platform to ever remove anything malicious unless it was "generically" malicious (eg something that can be found with "grep")
  • Reply 10 of 17
    lkrupp (Posts: 10,557)

    "Only apps on the App Store serving Greater China were infected."


    This is from the 9to5 Mac website. Some tech sites mention this, others do not. So why the confusion, why the inconsistency of reporting? What is the truth? Did any of these apps make it out of China? When this article says Apple App Store the average U.S. user will assume that means THEIR app store.


    This is the kind of inept tech reporting that drives me crazy. The most important information, DID IT AFFECT ME, is left out completely. It almost seems intentional.

  • Reply 11 of 17

    Angry Birds 2 is the only one I downloaded. Uninstalled it pretty quickly too so I should be fine.

  • Reply 12 of 17
    WeChat just updated to the latest version a week before the breakout; what makes their developer install the genuine Xcode?... hum...
  • Reply 13 of 17
    Quote:

    ...

    All known instances of XcodeGhost have since been removed, while Apple has promised to host Xcode on Chinese servers. Apple also wiped the App Store of offending apps and is currently blocking submissions containing the malware.


    I asked this on another thread, but by that time, it had already been hijacked. Why isn't Apple also disabling the apps as it finds them? The fabled app "kill switch" that everyone was aghast about when Jobs confirmed its existence?


    It must not exist, since I can't imagine a better time to use it.

  • Reply 14 of 17
    mbsmd wrote: »
    There's a lot of weird sounding stuff on the Chinese App Store I must say.

    "Miraculous Warmth"

    LOL
  • Reply 15 of 17
    lkrupp (Posts: 10,557)
    colm wrote: »
    Angry Birds 2 is the only one I downloaded. Uninstalled it pretty quickly too so I should be fine.

    Can’t you read? Did you download it from the Chinese App Store? If not then you DO NOT have an infected app. Jesus Christ on the Cross this is how bullshit gets spread around.

  • Reply 16 of 17
    haggar (Posts: 1,568)
    stompy wrote: »
    I asked this on another thread, but by that time, it had already been hijacked. Why isn't Apple also disabling the apps as it finds them? The fabled app "kill switch" that everyone was aghast about when Jobs confirmed its existence?

    It must not exist, since I can't imagine a better time to use it.

    I'm curious to know this as well. Just removing the offending apps from the App Store does not prevent already installed copies from running.

  • Reply 17 of 17

    Ok calm down! haha
