Apple left to clean up big mess in app store after being hacked.
Apple has removed infected apps in their Chinese App Store, after iOS developers downloaded a malicious version of Xcode from the cloud file sharing service Baidu. The iOs developers then created apps using the malicious Xcode to compile their app and distributed the infected apps through the China App Store. The apps passed through Apple’s code review process prior to distribution on the App store.
Some of the iOS apps infected with XcodeGhost malware ahve availability that is NOT limited to the China app store. CamCard, for example, is a popular business card reader and scanner app available in the United States Apple iOS app store.
Apple advises that users should update the affected apps to fix the issue. Apps that are available on the App Store currently have already been replaced by the correct version — not compiled by the malicious Xcode. Apps with an asterisk were currently not available on the App Store, but were expected to be updated very soon.
After replacing the infected apps, iOS users should reset their iCloud password, and any other passwords inputted on their iOS devices.
Affected Apps
WeChat
DiDi Taxi
58 Classified – Job, Used Cars, Rent
Gaode Map – Driving and Public Transportation
Railroad 12306
Flush
China Unicom Customer Service (Official Version)*
CarrotFantasy 2: Daily Battle*
Miraculous Warmth
Call Me MT 2 – Multi-server version
Angry Birds 2 – Yifeng Li’s Favorite*
Baidu Music – Music Player with Downloads, Ringtones, Music Videos, Radio & Karaoke
DuoDuo Ringtone
NetEase Music – An Essential for Radio and Song Download
Foreign Harbor – The Hottest Platform for Oversea Shopping*
Battle of Freedom (The MOBA mobile game)
One Piece – Embark (Officially Authorized)*
Let’s Cook – Receipes
Heroes of Order & Chaos – Multiplayer Online Game*
Dark Dawn – Under the Icing City (the first mobile game sponsored by Fan BingBing)*
I Like Being With You*
Himalaya FM (Audio Book Community)
CarrotFantasy*
Flush HD
Encounter – Local Chatting Tool
Fox-IT (fox-it.com), a Netherlands based security company, reported the following iOS apps were also infected:
Mercury
WinZip
Musical.ly
PDFReader
guaji_gangtai en
Perfect365
网易云音乐
PDFReader Free
WhiteTile
IHexin
WinZip Standard
MoreLikers2
CamScanner Lite
MobileTicket
iVMS-4500
OPlayer Lite
QYER
golfsense
同花顺
ting
installer
下厨房
golfsensehd
Wallpapers10000
CSMBP-AppStore
礼包助手
MSL108
ChinaUnicom3.x
TinyDeal.com
snapgrab copy
iOBD2
PocketScanner
CuteCUT
AmHexinForPad
SuperJewelsQuest2
air2
InstaFollower
CamScanner Pro
baba
WeLoop
DataMonitor
爱推
MSL070
nice dev
immtdchs
OPlayer
FlappyCircle
高德地图
BiaoQingBao
SaveSnap
WeChat
Guitar Master
jin
WinZip Sector
Quick Save
CamCard
Fox-it (fox-it.com) checked all C2 domain names from our reports in their network sensors and has found thousands of malicious traffic instances outside China.
C2 or command-and-control servers issue commands and controls to compromised systems (often Internet-connected computers of home users) that can become part of botnets.
Developers meanwhile were warned to install official versions of Xcode 7 or Xcode 7.1 beta from Apple’s website for free and “avoid” downloading the software from unofficial sources.
Get updates from The Cardinal ALL NEWS FEEDS on Facebook. Just ‘LIKE’ the ‘Arlington Cardinal Page (become a fan of our page). The updates cover all posts and sub-category posts from The Cardinal — Arlingtoncardinal.com. You can also limit feeds to specific categories. See all of The Cardinal Facebook fan pages at Arlingtoncardinal.com/about/facebook …