Apple Removes Apps Made with Knockoff Version of Xcode in China

A couple of days ago it was reported that malware had made its way into Apple’s App Store by way of a compromised counterfeit version of Xcode, made available for download in China from a third-party server.


Apple told Reuters it has removed these malicious apps and is working with developers to properly build apps using the real version of Xcode:

“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in an email. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

Chinese security firm Qihoo360 Technology uncovered 344 apps tainted with XcodeGhost, a malicious form of Apple’s Xcode. Apps made with this counterfeit version allowed information such as device name, UDID, language and country, time and network type to be sent back to hackers.

Tencent, owner of the popular chat app WeChat, which was deemed ‘infected’, said the exploit only targeted an older version of the app, 6.2.5, while its current app was safe.

Palo Alto Networks Director of Threat Intelligence Ryan Olson said the fake version of Xcode was probably downloaded by developers from a third-party site that allowed for faster download speeds than Apple’s own developer site.

Some social engineering may have taken place here, with hackers targeting developers as their way to infiltrate Apple’s App Store. Any iOS developer should know by now to acquire Xcode only directly from Apple, and not from a third-party site.