More iOS Apps Infected

Thursday, September 24, 2015 @ 04:09 PM gHale

At first 39 apps suffered from a rogue version of the Xcode development tool, but now it appears the amount of iOS app developers unknowingly using the bad code is far greater than anyone thought.

Security research firm Palo Alto Networks reported last week 39 apps found in the App Store suffered compromise after developers — most of them in China — used a rogue version of Xcode distributed on forums. Xcode is a development tool for iOS and OS X apps provided by Apple.

Apple Cuts Infected iOS Apps
Apple Releases iOS 9; Fixes Security Bugs
Malware Strikes iOS Devices
Apple Patches iOS Vulnerability

The malicious Xcode version, called XcodeGhost, added hidden functionality to any application compiled with it. Those apps then ended up uploaded by unknowing developers to the official App Store, bypassing one of the main malware defenses of the iOS ecosystem.

On Tuesday, mobile security firm Appthority reported it found 476 apps infected by XcodeGhost among those used by its enterprise customers.

“We had a closer look at the data and were able to track the start of the infection to April 2015 with a significant uptick in infections over this last month of September,” Appthority’s research team said in a blog post.

The hidden code added by XcodeGhost collects identifying information about the devices and can open URLs.

Also Tuesday, researchers from security firm FireEye said the real number of iOS apps Trojanized by XcodeGhost is not in the tens or hundreds, but in the thousands. The company has identified over 4,000 infected apps so far on the App Store.

While the command-and-control servers used by XcodeGhost are now down, the malicious apps still try to connect to them using unencrypted HTTP connections, FireEye researchers said.

Since security companies keep identifying more infected apps, it’s hard for users to keep track of them manually or even to rely on a single product to detect them.