Apple isn’t usually on the receiving end of hacks, malwares and viruses; not often at least. Though, the iOS App Store, has relatively been safe, recently Chinese developers have inadvertently implanted a spoofed version of the Xcode software that’s used by Apple on some of their apps.
The XcodeGhost file was uploaded on Baidu, a site that serves as a file sharing platform; unaware of this, some Chinese developers accidentally used the malware-embedded code for their apps, hence the malicious code making its way on to the App Store.
So how dangerous is this code? Well what it sets out to do is to collect user information on their devices and send them out to their servers. The information it collects include:
Current time
Current infected app’s name
The app’s bundle identifier
Current device’s name and type
Current system’s language and country
Current device’s UUID (Universally unique identifier)
Network type
Why would they need information like that? To put it shortly, the code needs it so it can fake alerts to trick you to reveal personal data or read and change any information on your copy clipboards – including password management apps. It’ll pose an indefinite risk to those who use WeChat, as a lot of information gets swapped around on the instant messaging app.
Just be sure to remove the apps mentioned below, but in terms of fixes the developers of WeChat have updated it from the affected 6.2.5 to the current (unaffected) version 6.2.6; an update that removed the malicious code. As a precaution, we suggest you remove WeChat and then install the newest version – just be sure to backup your chat logs first.
You can do so by following these steps:
Me > Settings > General > Chat Log Migration> Cloud Migration
After being informed, Apple has since removed apps that were infected, though users who’ve installed them before, still have to delete the infected apps on their devices. While most of the 77 apps are mainly used by people living in China, there are still some apps that are widely used by users around the world.
The following lists the apps that were affected by the XcodeGhost hack:
Angry Birds 2
CamScanner
Didi Chuxing
NetEase
Micro Channel
IflyTek input
Railway 12306
The Kitchen
Card Safe
CITIC Bank move card space
China Unicorn Mobile Office
High German map
Jane book
Eyes Wide
Lifesmart
Mara Mara
Medicine to force
Himalayan
Pocket billing
Flush
Quick asked the doctor
Lazy weekend
Microblogging camera
Watercress reading
Cam Card
SegmentFault
Stocks open class
Hot stock market
Three new board
The driver drops
Oplayer
Mercury
WinZip
Musical.ly
PDFReader
Perfect365
PDFReader Free
WhiteTile
IHexin
WinZip Standard
MoreLikers2
CamScanner Lite
MobileTicket
iVMS-4500
OPlayer
Oplayer Lite
QYER
golfsense
Ting
Golfsensehd
Wallpapers10000
CSMBP-AppStore
MSL108
TinyDeal(dot)com
snapgrab copy
iOBD2
PocketScanner
CuteCUT
AmHexinForPad
SuperJewelsQuest2
air2
InstaFollower
CamScanner Pro
baba
WeLoop
DataMonitor
MSL070
nice dev
immtdchs
FlappyCircle
BiaoQingBao
SaveSnap
Guitar Master
jin
WinZip Sector
Quick Save
