The Infectious Xcodeghost Makes iOS App Development Risky For Developers

Over 4000 trojanized apps are found on the app store


Developers unknowingly using infectious Xcode iOS app development tool are in trouble as security researchers have identified thousands of applications that are trojanized with XcodeGhost. Earlier the number of apps was 35 only and most of the developers located in China used a rogue version of Xcode. Xcode is a development tool used by iOS and OS X developers to create new application software.



The malicious Xcode version has added hidden functionality to any app compiled with it. The Xcode has been dubbed XcodeGhost by security researchers. After 35, researchers counted 476 apps that are infected by XcodeGhost, which are used by enterprise clients. Experts had a closer look at the data and they all were able to track the location from where infection starts (from April 2015).

The hidden code added to the version to apps has power to collect identifying data about devices they are installed on and are able to open URLs. The rogue tool’s creators could have brought disastrous functionality, but they are not doing it now.

This all was started when the software developers were lured into using a compromised and unauthorized developer tool kit version. Now the infected apps can transfer information about user’s device, pop fake alerts to steal passwords, read and write data on user’s clipboard. To protect the users, officials have removed the apps from Apple store and they are now working with the developers to ensure that proper version of Xcode is used to recreate their applications.

XcodeGhost has exploited app development community in China. To create apps for iOS devices, developers have to take help of a tool kit called Xcode, but to save some time, some developers have downloaded compromised version rather than official version. Experts believe that XcodeGhost is dangerous malware that has ditched code review and attacked on iOS ecosystem. It is important for developers to use authentic iOS application development tool kit to avoid such infectious code.

Read More :