Apple has posted an “XcodeGhost Q&A” information page:
I’ve heard about malicious apps created by XcodeGhost — what does this mean?
We always recommend developers use the free, secure tools we provide them — including Xcode — to ensure they’re creating the most secure apps for App Store customers. Some developers downloaded counterfeit versions of Xcode that have been infected with malware and created apps that were just as infected.
Apple incorporates technologies like Gatekeeper expressly to prevent non-App Store and/or unsigned versions of programs, including Xcode, from being installed. Those protections had to have been deliberately disabled by the developer for something like XcodeGhost to successfully install.
As part of providing developers the industry’s most advanced tools, Apple provides developers the following checks to ensure software is untampered:
• The Xcode app is code-signed by Apple.
• When you download Xcode from the Mac App Store the code signature for Xcode is automatically checked and validated by your system.
• When you download Xcode from the Apple Developer Program web site, the code signature for Xcode is automatically checked and validated by your system by default as long as Gatekeeper is not disabled.
Why would a developer put customers at risk by downloading counterfeit software?
Sometimes developers search for our tools on other, non-Apple sites in an effort to find faster downloads of developer tools.
We’re working to make it faster for developers in China to download Xcode betas. To verify that their version of Xcode has not been altered, they can take the following steps posted at .
How does this affect me? How do I know if my device has been compromised?
We have no information to suggest that the malware has been used to do anything malicious or that this exploit would have delivered any personally identifiable information had it been used.
We’re not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords.
As soon as we recognized these apps were using potentially malicious code we took them down. Developers are quickly updating their apps for users.
Malicious code could only have been able to deliver some general information such as the apps and general system information.
Is it safe for me to download apps from App Store?
We have removed the apps from the App Store that we know have been created with this counterfeit software and are blocking submissions of new apps that contain this malware from entering the App Store.
We’re working closely with developers to get impacted apps back on the App Store as quickly as possible for customers to enjoy.
The top 25 most popular apps impacted are listed below. After the top 25 impacted apps, the number of impacted users drops significantly.
If users have one of these apps, they should update the affected app, which will fix the issue on the user’s device. If the app is available on App Store, it has been updated; if it isn’t available, it should be updated very soon.
We will update this page with more information as it becomes available. Please check back from time to time.
• DiDi Taxi
• 58 Classified – Job, Used Cars, Rent
• Gaode Map – Driving and Public Transportation
• Railroad 12306
• China Unicom Customer Service (Official Version)*
• CarrotFantasy 2: Daily Battle*
• Miraculous Warmth
• Call Me MT 2 – Multi-server version
• Angry Bird 2 – Yifeng Li’s Favorite*
• Baidu Music – A Music Player that has Downloads, Ringtones, Music Videos, Radio, and Karaoke
• DuoDuo Ringtone
• NetEase Music – An Essential for Radio and Song Download
• Foreign Harbor – The Hottest Platform for Oversea Shopping*
• Battle of Freedom (The MOBA mobile game)
• One Piece – Embark (Officially Authorized)*
• Let’s Cook – Recipes
• Heroes of Order & Chaos – Multiplayer Online Game*
• Dark Dawn – Under the Icing City (the first mobile game sponsored by Fan BingBing)*
• I Like Being With You*
• Himalaya FM (Audio Book Community)
• Flush HD
• Encounter – Local Chatting Tool
* This app is currently not available on the App Store.
Source: Apple Inc.
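The signature and Gatekeeper checks the Q&A refers to can be run by hand in Terminal. The script below is an added example, not part of Apple's text or of this article: it reads the Gatekeeper state with spctl --status and the verdict of spctl --assess for an Xcode bundle, and passes only when the bundle is "accepted" with a source of Mac App Store, Apple or Apple System. The function names and the default path /Applications/Xcode.app are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: check Gatekeeper state and the signing source of an Xcode bundle.
# Function names are hypothetical; the default bundle path is an assumption.

# Return 0 only if spctl's assessment text says "accepted" with an Apple source.
xcode_assessment_ok() {
    out=$1
    printf '%s\n' "$out" | grep -Eq ': accepted$' || return 1
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case "$src" in
        "Mac App Store"|"Apple"|"Apple System") return 0 ;;
        *) return 1 ;;   # any other signer, or no source line at all
    esac
}

# Return 0 only if "spctl --status" output reports assessments enabled.
gatekeeper_enabled() {
    case "$1" in
        *"assessments enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

check_xcode() {
    app=${1:-/Applications/Xcode.app}
    status=$(spctl --status 2>&1) || true
    gatekeeper_enabled "$status" || echo "WARNING: Gatekeeper is off: $status"
    # spctl reports its verdict on stderr, so merge the streams before parsing.
    verdict=$(spctl --assess --verbose "$app" 2>&1) || true
    if xcode_assessment_ok "$verdict"; then
        echo "OK: $verdict"
    else
        echo "FAIL: unexpected assessment for $app:"
        echo "$verdict"
        return 1
    fi
}

# Run only on a Mac where spctl exists; elsewhere the functions are just defined.
if command -v spctl >/dev/null 2>&1; then
    check_xcode "$@"
fi
```

The assessment can take several minutes on a full Xcode bundle; a FAIL result means the copy should be deleted and replaced with one from the Mac App Store or Apple's developer site.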