1. https://appdevelopermagazine.com/ios
  2. https://appdevelopermagazine.com/new-xcodeghost-malware-variation-discovered-by-symantec/
11/4/2015 3:01:59 PM
New XcodeGhost Malware Variation Discovered By Symantec
iOS Malware,XcodeGhost,Malicious Code
App Developer Magazine
New XcodeGhost Malware Variation Discovered By Symantec


New XcodeGhost Malware Variation Discovered By Symantec

Wednesday, November 4, 2015

Richard Harris Richard Harris

A new XcodeGhost malware variant has been discovered by the security team at Symantec. It was found in apps created with unofficial downloads of Xcode, which are hosted regionally, and can be attractive to developers because of the faster download speeds available when compared to the official version (due to the large file-size of Xcode).

When these unverified versions of Xcode are downloaded from unofficial sites, they can include the malicious code which can be inserted into any application developed with these versions, putting app users at risk.

The malware was originally identified by Chinese iOS developers which disclosed the new OS X and iOS malware on Sina Weibo. Alibaba researchers then posted the first analysis report on the malware, giving it the name XcodeGhost. The malicious code is located in a Mach-O object file that was included into a number of versions of unofficial Xcode installers.

By the end of September, Palo Alto Networks had identified 39 apps that had been infected with the malware, including popular apps such as WeChat or Didi. The company provides a very effective technical analysis of the malware in a blog post.

This latest report (November 3) by Symantec is a strong indication that the malware threat is not going away any time soon. As a number of security vendors have pointed out, the only way a developer can protect their apps from the malware is to use the official Xcode download.

Of course, iOS is not alone in the malware fight as, in mid October, AdaptiveMobile reported on multiple new variants of the AndroidOS.SmsThief malware which is disguised as photo or document viewer apps, as well as repackaged into Android applications. Antivirus vendors have identified these variants under the names Android.Trojan.SmsSpy and Trojan.Android/AutoSMS. 

The AndroidOS.SmsThief threat begins from an infected phone, where an SMS is sent to an uninfected device, informing the user that their friend/contact has attempted to share a photograph, document or file. When the user then clicks on the link in the text message they are directed to download an app from a malicious but seemingly legitimate source. 

Having installed the malware to their device and given permission to access contacts and messages, the program allows the primary attacker to monitor any and all messages sent from the infected device, potentially providing access to sensitive information such as personal and financial data while enabling the malware to spread to a wider network of contacts.

Read more: http://www.symantec.com/connect/blogs/new-xcodegho...

Subscribe to App Developer Magazine

Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.


  • - Exclusive content from leaders in the industry
  • - Q&A articles from industry leaders
  • - Tips and tricks from the most successful developers weekly
  • - Monthly issues, including all 90+ back-issues since 2012
  • - Event discounts and early-bird signups
  • - Gain insight from top achievers in the app store
  • - Learn what tools to use, what SDK's to use, and more

    Subscribe here