What You Need to Know About iOS Malware XcodeGhost
Earlier this week, Chinese developers disclosed new iOS malware called XcodeGhost on microblogging service Sina Weibo. U.S. cybersecurity firm Palo Alto Networks has since published details about the malware.
MacRumors has created a FAQ so you can learn more about XcodeGhost and how to keep your iOS devices protected.
What is XcodeGhost?
XcodeGhost is a new iOS malware arising from a malicious version of Xcode, Apple's official tool for developing iOS and OS X apps.
How is XcodeGhost distributed?
A malicious version of Xcode was uploaded to Chinese cloud file sharing service Baidu and downloaded by some iOS developers in China.
Chinese developers then unknowingly compiled iOS apps using the modified Xcode IDE and distributed those infected apps through the App Store.
Those apps then managed to pass through Apple's code review process, enabling iOS users to install or update the infected apps on their devices.
Which devices are affected?
iPhone, iPad and iPod touch models running an iOS version compatible with any of the infected apps. The malware affects both stock and jailbroken devices.
Which apps are affected?
Palo Alto Networks has shared a full list of over 50 infected iOS apps, including WeChat, NetEase Cloud Music, WinZip, Didi Chuxing, Railway 12306, China Unicom Mobile Office and Tonghuashun.
How many users are affected?
XcodeGhost potentially affects more than 500 million iOS users, primarily because messaging app WeChat is very popular in China and the Asia-Pacific region.
Which unofficial versions of Xcode are affected?
All unofficial versions between Xcode 6.1 and Xcode 6.4.
How does XcodeGhost put my iOS devices at risk?
iOS apps infected with XcodeGhost malware can and do collect information about devices and then encrypt and upload that data to command and control (C2) servers run by attackers through the HTTP protocol. The system and app information that can be collected includes:
- Current time
- Current infected app’s name
- The app’s bundle identifier
- Current device’s name and type
- Current system’s language and country
- Current device’s UUID
- Network type
Palo Alto Networks also discovered that infected iOS apps can receive commands from the attacker through the C2 server to perform the following actions:
- Prompt a fake alert dialog to phish user credentials;
- Hijack opening specific URLs based on their scheme, which could allow for exploitation of vulnerabilities in the iOS system or other iOS apps;
- Read and write data in the user’s clipboard, which could be used to read the user’s password if that password is copied from a password management tool.
Can XcodeGhost affect users outside of China?
Yes. Some of the iOS apps infected with XcodeGhost malware are available on the App Store in countries outside of China. CamCard, for example, is a popular business card reader and scanner app available in the United States and several other countries, while WeChat is a popular messaging app in the Asia-Pacific region.
Why would some Chinese developers download Xcode from Baidu?
Xcode is a large file that can take a long time to download from Apple's servers in China, leading some developers to download Xcode from unofficial sources.
How are Apple and Chinese developers dealing with XcodeGhost?
Palo Alto Networks claims that it is cooperating with Apple on the issue, while multiple developers have updated their apps to remove the malware.
Apple has since issued the following statement to Reuters: "We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."
How do I protect myself against XcodeGhost?
iOS users should immediately uninstall any infected iOS app listed here on their devices, or update to a newer version that has removed the malware. Resetting your iCloud password, and any other passwords inputted on your iOS device, is also strongly recommended as a precautionary measure.
Developers should install official versions of Xcode 7 or Xcode 7.1 beta from Apple's website for free and avoid downloading the software from unofficial sources.
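Developers can also check an Xcode copy that is already installed. The following is an added example, not part of the original article: it runs macOS Gatekeeper's `spctl` tool against the Xcode bundle and trusts the result only when the verdict is "accepted" and the signing source is Apple or the Mac App Store. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether Gatekeeper's assessment of an Xcode bundle
# indicates a genuine Apple build. Function names are hypothetical.

# classify_spctl_output TEXT -> prints "trusted" or "untrusted"
classify_spctl_output() {
    out=$1
    # Verdict line has the form "<path>: accepted" or "<path>: rejected".
    if ! printf '%s\n' "$out" | grep -q ': accepted$'; then
        echo untrusted
        return 0
    fi
    # A valid signature is not enough: the signer must be Apple itself.
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case "$src" in
        "Mac App Store"|"Apple"|"Apple System") echo trusted ;;
        *) echo untrusted ;;
    esac
}

# check_xcode [PATH] -> exit 0 if trusted, 1 if not, 2 if spctl is missing
check_xcode() {
    app=${1:-/Applications/Xcode.app}
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not found; run this on macOS" >&2
        return 2
    fi
    # spctl reports its assessment on stderr, so capture both streams.
    out=$(spctl --assess --verbose "$app" 2>&1)
    [ "$(classify_spctl_output "$out")" = trusted ]
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_STORE='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_DEVID='/Applications/Xcode.app: accepted
source=Developer ID'
SAMPLE_REJECTED='/Applications/Xcode.app: rejected'

for s in "$SAMPLE_STORE" "$SAMPLE_DEVID" "$SAMPLE_REJECTED"; do
    classify_spctl_output "$s"
done
```

On a Mac, `check_xcode /Applications/Xcode.app && echo OK` performs the live check; the assessment can take several minutes on a bundle as large as Xcode.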