Emerging Threats

iOS malware, XcodeGhost, infects millions of Apple Store customers


Authored by a Symantec employee

 

iOS apps popular mainly in China have been infected with a piece of malware that can steal your data, and even get you to reveal things like usernames and passwords via phishing. The malware, called XcodeGhost, was discovered by Chinese iOS developers, after it was able to find its way into legitimate Apple Store apps, including WeChat, a popular IM application.

What does XcodeGhost do?

Once the user downloads the infected app, this particular piece of malicious code uploads the device and app information to its command and control (C2) server. The attacker can send commands through this command and control server, telling it to perform actions such as:

  • Creating fake phishing alerts to steal your username and password
  • Reading and writing data on your device’s clipboard, which could uncover your password if it is copied from a password management tool
  • Hijacking your browser to open specific URLs, which could lead to being able to take advantage of existing bugs in the iOS system, or other iOS apps

How to stay protected

Researcher PaloAlto Networks identified 39 infected apps, including:

If you have any of the apps listed above on your device, make sure that you do the following:

  • Update your app as soon as possible, or delete the app and wait for a new version of the app to be made available
  • Change your Apple ID password (here's how)
  • Watch out for any suspicious emails or push notifications to your device asking for your Apple credentials, or any personally identifying information


Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.