List of iOS apps infected by ‘XcodeGhost’ includes Angry Birds 2

“After yesterday’s revelation that hundreds of iOS apps on the App Store had been infected by malware, security company Palo Alto Networks has posted a list of some of the affected apps – which include Angry Birds 2,” Ben Lovejoy reports for 9to5Mac.

“The apps were infected by a fake copy of Xcode dubbed XcodeGhost, unwittingly downloaded by Chinese developers in place of the real thing,” Lovejoy reports. “It’s believed they downloaded the fake from local servers because it took too long to download the original from Apple’s own servers. It’s not yet known why Apple’s own checks did not detect the malware when apps were submitted to the App Store.”

“It’s been suggested that over 300 apps are infected, with 31 of them so far identified,” Lovejoy reports. “If you have any of the apps installed, the safest course is to delete them and then download again from the App Store as and when available. Apple says that it has removed all the infected versions and is working with developers to get clean versions uploaded in their place.”

Full list here.

MacDailyNews Take: Luckily, we didn’t like Angry Birds 2 (the gameplay wasn’t like the original), so it was only on one of our devices for a short time and quickly deleted in early August.

Apple targeted as malware generated by bogus Xcode infects China mobile apps – September 21, 2015
New Android malware strains to top 2 million by end of 2015 – July 1, 2015
Symantec: 1 in 5 Android apps is malware – April 25, 2015
Kaspersky Lab Director: Over 98% of mobile malware targets Android because it’s much, much easier to exploit than iOS – January 15, 2015
Security experts: Malware spreading to millions on Android phones – November 21, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013


  1. Apple knows who downloaded what from the App Store.

    Apple should do a “Recall Notification” to each user who they know has downloaded any infected app. Apple could easily notify those persons and tell them to delete the infected app and Apple will notify them when a clean app is available. (Some corrected apps are already available.)

    The car manufacturers do it. It should be much simpler for Apple than it is for them.

    Also, at the very least, Apple should put each and every one of these developers on a “watch list” under which Apple gives every one of their submitted apps a LOT more scrutiny before their new apps (or even updates to old apps) are uploaded to the App Store.

    1. Apple should do no such thing! Any developer worth his salt should know better than to use unsecure software as the basis for creating & submitting a project, as well as understand the repercussions for such unprofessional shenanagins , and this begs the question…. how was their code tested?! Did they even take the time to test it before submitting it to the public!? NO! The onus is squarely in their corner for such sloppy, and unprofessional work. If I could identify them I would never purchase anything they published! THEY! the developers should be kicked off of Apple’s developers list and forced to compensate each individual victim the cost of his ineptitude!

      1. Hmmm, you do understand that most, if not all of the developers affected were from China.?????

        The rules are different over there. Cheating is great, especially if you get away with it. We get toxic childs milk, toxic toothpaste, etc.

        Sadly, many American companies use chinese parts and never really check to be sure they are getting good stuff. 🙁

    2. I agree, mostly. These were trusted developers that decided to take a stupid short cut. They were not evil, just stupid.
      Apple should extra check for next xx revisions.

      Quality is a mind set. Lose the mind set and things go south.

      1. Update: infected version was a localized Angry Birds 2 version for the Chinese App Store.

        All other versions for non-Chinese App Stores, we not “infected”

        We should expect that the vast majority of the compromised apps, if not all, were localized to the Chinese App Store.

        1. WOW. So the developer Rovio, used a source copy of Xcode to create the game app. But the localization was done in China with a fake downloaded copy of Xcode. Astounding.

          I’d be seriously ticked off if a non-Chinese developer had downloaded a fake copy of Xcode, considering the ‘it’s too slow to get Xcode from Apple from inside China’ excuse being used for this mess.

          1. My thoughts are, slowness goes with the market. The bosses should be okay with that. But I suspect the my didn’t know, simply because the employee thought they were being smart, turning around a project in a short period of time, and their peers “vetting”‘the source.

  2. this is from WSJ, the XcodeGhost makers caught trying to weasel out:

    “On Sunday, an account named XcodeGhost-Author on China’s Weibo social-media platform claimed to be behind the malware and apologized. The Weibo user or users said the malware was an “accidental discovery” that was distributed as “a one-time, mistaken experiment.””

    I think Apple and it’s allies (the Chinese contract manufacturers who are making billions from Apple) should pressure authorities to take stern action and not let the guy weasel out , otherwise the lesson won’t be learnt and Apple has suffered grievous PR from this (potentially millions in sales).

    China is a ‘wild west’ in terms of business illegalities and if you’re too soft you might become a recurring target. There are death sentences for corruption , robbery (probably for amounts much less than Apple might lose) etc. so those people targeting apple aren’t ‘innocent’ , they know damn well the seriousness of their crimes.

  3. Looks like it’s time for Apple to come up with a program to provide the code to the safe manner. Such as they do with iBook authors.

    Apple should require it from now on. I’m waiting for the program, come on Apple.

    1. I wrote about this situation over at the previous article about XcodeGhost:

      Apple targeted as malware generated by bogus Xcode infects China mobile apps

      In brief: Every official Apple developer knows that there are only TWO legal sources for Xcode:
      1) The Apple Mac App Store
      2) The Apple Developer Connection website.

      There are no other legal sources. The problem was the developers said it was too slow to download Xcode directly from Apple from within the Great Firewall of China. They knew better. Websites like Baidu had NO right to allow Xcode to be uploaded and available. Baidu since removed all copies.

  4. Although it’s mainly the fault of the supplier of the modded Xcode and the Devs that used it instead of the offial version I still feel Apple needs calling out about this.

    They are supposed to have a curated App Store so things like this doesn’t happen. Either their testers are not trained highly enough or they aren’t given enough time to look deeply into the code or it’s a management failure, not believing they need to check their own code has been messed with. Either way Apple has dropped the ball here as the problem should have been spotted much earlier and by Apple not somebody else.

    Apple needs to fix this quickly as it will damage their reputation for a (virtually) malware free ecosystem. I’m currently waiting to watch the news item on UK Sky News about it.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.