Was XcodeGhost a CIA hit?

“Last week, Chinese app developers disclosed that an Apple programming tool had been hijacked to trick developers into embedding malicious software into apps for Apple devices,” Micah Lee reports for The Intercept. “The malware, called XcodeGhost, works by corrupting Apple’s Xcode software, which runs on Mac computers and compiles source code into apps that can run on iPhones, iPads, and other devices, before submitting them to the App Store. If a developer has XcodeGhost installed on their computer, apps that they compile include malware without the developer realizing it.”

“Although XcodeGhost is the first malware to spread this way in the wild, the techniques it uses were previously developed and demonstrated by Central Intelligence Agency researchers at the CIA’s annual top-secret Jamboree conference in 2012,” Lee reports. “Using documents from NSA whistleblower Edward Snowden, The Intercept’s Jeremy Scahill and Josh Begley described the CIA’s Xcode project in a story published in March.”

Lee reports, “Today, Apple has published instructions for developers to verify that the version of Xcode they have installed is the official one.”


MacDailyNews Take: The U.S. and other governments hate Apple’s outspoken commitment to protect their users’ privacy.

…Government of the people, by the people, for the people, shall not perish from the Earth. — Abraham Lincoln

Looks like Lincoln was wrong.


[Thanks to MacDailyNews Reader “CognativeDisonance” for the heads up.]


      1. I meant that MDN took it out of context. The words are correct, but Lincoln was saying that is the goal, not that it had or would be achieved, as the MDN take would suggest.

  1. Quote from full article: “Using documents from NSA whistleblower Edward Snowden, The Intercept’s Jeremy Scahill and Josh Begley described the CIA’s Xcode project in a story published in March.”

    Thus XcodeGhost may be anyone’s hack (not just the CIA/NSA) based upon information gleaned from the documents Snowden released to the public. ‘Here is Xcode, here’s how to hack it and here’s how to get into the hands of a bunch of programmers too impatient to do their due diligence.’

  2. If the technique was public knowledge, who’s to say the Chinese – any other government or independent organization didn’t use the same?

    It is nonsense to point at the NSA/CIA, especially now. But that should also not put them in the clear.

  3. Sad, but to be expected. The Constitution is the shield but we really need to be able to bitch slap the crap out of our bat shit crazy government when necessary. Who knows if the alphabet soup had a hand in it or not? The problem is if they did, no one would be surprised, and if they were found out, no one would be punished. They are too powerful. The focus of almost all government domestic policies is about restricting us and legislating away our freedoms.

  4. I don’t think it was the CIA, but I think those released documents may have given someone the idea to do it. I read about the Snowden documents around March or so and in May or so is when the Apple issue started happening according to an antivirus malware company chart.
