XcodeGhost is a malware that attacks iOS and macOS devices and it was first identified in 2015. It is based on a malicious version of Xcode, which is Apple’s official tool for the development of iOS and OS apps. The versions of Xcode that were affected are between Xcode 6.1 and Xcode 6.4.
How is XcodeGhost distributed?
The infected Xcode was first uploaded onto Baidu, a Chinese cloud file-sharing service. It was subsequently downloaded by some Chinese developers who used the infected code to create iOS apps. These apps were then distributed in the App Store where they were able to pass the stringent review process put in place by Apple on their cloud service. Millions of people went on to download the infected files.
The devices that are affected by the malicious XCodeGhost include iPhone, iPad, iPod touch, and all other iOS devices that operate an iOS or macOS version that is compatible with the infected apps. It is estimated that about 500 million users were affected, mostly in China because of the country’s preference for the WeChat app over other messaging services. People from other countries such as Germany and Turkey were also affected.
What can XcodeGhost do?
The XcodeGhost malware is very dangerous. The apps that are infected by the XcodeGhost virus can collect information about a device user, and then send encrypted messages off to a remote server through the HTTP protocol. Some of the information that is shared includes:
- Infected app’s name
- Current time
- The app’s bundle identifier
- Network type
- Device name and type
- Current system language and country
- Current device’s UUID
- Network type
Another risk that is associated with the XcodeGhost malware is that it allows an iOS device to receive commands from an attacker. Such attacks can make the app perform any of the following concerning actions:
- Create a fake alert message that can trick a device user to give personal information
- Hijack the opening of various URLs based on their scheme. This opens the possibility of exploiting vulnerabilities in iOS and macOS
- Read and write data in the user’s clip This can be used to get passwords to various accounts.
As you can probably deduce, the XcodeGhost malware is very nasty and can be used for all manners of nefarious activities such as identity and financial fraud. It can also be used to cripple the ability of millions of people to communicate effectively.
How to Protect Against XcodeGhost
Are there any steps that you can take to protect your device against the XcodeGhost malware? It is highly recommended that once your device has been infected by the XcodeGhost virus that you download a premium anti-malware solution such as Outbyte Antivirus. It really is the only way to get rid of any malware infections on your iOS devices. The antivirus will also help protect your files, passwords, and personal information against theft or damage.
That said, you can also delete all the infected apps from your iOS device. Tons of apps were infected by the malware, in fact too many to list them all. Here is a list of the most commonly used apps to fall victim to the malicious XcodeGhost:
- Card Safe
- Angry Birds 2
- Eyes Wide
- NetEase
- Didi Chuxing
- Mercury
- OPlayer
- Flush
- High German Map
- Mara Mara
- Microblogging camera
- The Kitchen
- China Unicom Mobile Office
Deleting and then installing genuine apps that are not created with the fake Xcode will safeguard your device. You should also update your iOS device to the latest version because security patches that deal with the vulnerabilities have already been released by Apple.
Restore your iPhone from Backup
If the infection on your iPhone or iOS device is extensive, you can restore your iPhone from the most recent backup. This, of course, can only happen if you back up your phone regularly.
If your backups are not malware-free, you might want to start from scratch and wipe your iPhone clean. Go to Settings > General > Reset > Erase All Contents and Settings. You will be prompted to enter your password and confirm your action.
Once the process has completed, you need to install all the apps from the Apple App Store. Apple has since cleaned the App Store so there is no longer the risk of infection. The infected Xcode has also been long removed from the cloud so the risk of subsequent infection is greatly reduced.
Steps to Take to Prevent Malware from Infecting your iOS Devices
While it is extremely rare for iOS devices to get infected with malware, it can happen as the case of the XcodeGhost malware shows. So, you need to take some precautions so that you don’t fall victim to the same issue again.
Install an antivirus
It goes without saying that you need an antivirus software installed on your device. The antivirus will not only fight infections but will also secure your passwords and other vital pieces of data. It also helps monitor the performance of other apps. Just make sure that you don’t rely on a free version as most are useless against well-crafted malware.
Download your apps from the Apple app store
When it comes to the XcodeGhost malware, Apple was a little sloppy but that rarely happens. Rather than downloading apps from third-party providers, put your trust in the App Store because if anything happens, Apple will be quick to take corrective measures. They, after all, answer to you.
Update your device
Find a stable internet connection and update all your apps. Also, update your device to the latest iOS version. It is more improved in terms of security and performance and your device could greatly benefit from this.
Keep your self-informed
If you don’t read a lot, or seek news regarding your devices, you might miss out on news regarding threats such as the XcodeGhost malware. Your devices might remain infected for months or even years without your knowledge which is the last thing you want, given how devastating a malware infection can be.
That will be all about the XcodeGhost virus. If you have any questions, suggestions or comments, feel free to use the comment section below.