XcodeGhost is mobile malware that spreads primarily through copies of Xcode downloaded from unofficial sources. It infects the CoreService library files during the development process and injects third-party code into the compiled app, which then uploads user privacy data to a specified site. In other words, a copy of Xcode that a developer downloads from an unofficial channel most likely carries the XcodeGhost virus.
Today at 4:00, an account called XcodeGhost-Author appeared on Weibo. He claimed that XcodeGhost was an unexpected discovery he made while developing an iOS app: anyone can add specified code to an app by modifying Xcode’s compiler configuration.
He has now proactively shut down the XcodeGhost server and released the source code.
Clarification on the so-called “XcodeGhost”
First, I apologize for the confusion the XcodeGhost event has brought to everyone. XcodeGhost derived from my own experiment, without any threatening behavior; detailed source code: https://github.com/XcodeGhostSource/XcodeGhost
XcodeGhost is actually an unexpected discovery I made when developing for iOS: developers can load specified code by modifying the Xcode build configuration, so I wrote the code to try it and uploaded it to cloud storage.
All data acquired in the code is actually basic app information, without any other data. For selfish reasons, I added an advertising feature to the code, hoping to promote my own application, but in fact, from the beginning until the final server shutdown, the ad feature did not work at all.
Finally, he stressed that this was just “dead code” that would not affect iPhone use or obtain private data. At the end, he apologized again.
Whatever the case, XcodeGhost has caused some adverse effects. So what can we do to guard against the XcodeGhost malware?
Download Xcode from the official source.
Developers should do a rigorous security check before using the Xcode developer tools.
Apple needs to improve the connection speed of App Store in China.
The official App Store review mechanism needs to be improved.
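As one concrete form of the security check on Xcode mentioned above, the following added example (not code from the XcodeGhost author or from Apple) classifies the verdict that macOS Gatekeeper's spctl tool prints for an Xcode bundle. The function names are hypothetical, and the example assumes that a copy distributed by Apple is reported as accepted with the source Mac App Store, Apple or Apple System.

```shell
#!/bin/sh
# Added example: decide whether an Xcode copy is an official Apple build.
# Gatekeeper reports where a bundle's signature comes from; a copy that is
# accepted but NOT sourced from Apple is still treated as untrusted.

# classify_spctl_output TEXT -> prints trusted | untrusted | unknown
classify_spctl_output() {
    local out="$1" first src
    first=$(printf '%s\n' "$out" | head -n 1)
    case "$first" in
        *": accepted") ;;                             # go on to check the source
        *": rejected") echo "untrusted"; return 0 ;;
        *)             echo "unknown";   return 0 ;;  # error text or empty output
    esac
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case "$src" in
        "Mac App Store"|"Apple"|"Apple System") echo "trusted" ;;
        *) echo "untrusted" ;;                        # e.g. a third-party Developer ID
    esac
}

# check_xcode [PATH]: run Gatekeeper on an Xcode bundle (macOS only).
# Returns 0 only when the bundle is classified as trusted.
check_xcode() {
    local app="${1:-/Applications/Xcode.app}" out result
    command -v spctl >/dev/null 2>&1 || { echo "spctl not found" >&2; return 2; }
    out=$(spctl --assess --verbose "$app" 2>&1 || true)  # verdict is printed on stderr
    result=$(classify_spctl_output "$out")
    echo "$app: $result"
    [ "$result" = "trusted" ]
}
```

On a Mac, run `check_xcode /Applications/Xcode.app` after sourcing the file; anything other than "trusted" means the copy should be deleted and downloaded again from the official source.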
iOS users need not panic. The XcodeGhost virus as it exists only uploads some basic information about the app itself (installation time, application ID, application name, system version, language, country, etc.), none of which is personal information. In addition, the creator has shut down the server, so it will not constitute a substantial information leak.
Even so, people should remain wary until Apple delivers an effective solution. The ‘real culprit’ behind XcodeGhost has not yet been caught, so ordinary users still need to be careful.
XcodeGhost malware can display fake pop-ups for phishing attacks on a non-jailbroken iPhone. The pop-up windows it generates are very realistic and difficult to distinguish from genuine ones, so if you have entered your iTunes password into such a pop-up window before, you should change your password as soon as possible.