Oct 23, 2021 | Updated: 07:19 PM EDT

Beware Of WeChat: Infected iOS App Compiler Injected Malware Code Into 39 Apps, Including WeChat

Sep 22, 2015 12:26 AM EDT

Palo Alto Networks has uncovered another attack on the iOS ecosystem, and if you are a WeChat user, you had best beware.

Palo Alto Networks released a report on September 17 showing that Xcode, Apple's development environment for building iOS and Mac apps, had been trojanized. Unofficial copies of Xcode circulating in China carried a malicious addition, dubbed "XcodeGhost," that silently compiles its own code into every app built with it. This is not a bug in iOS or in Xcode itself; it is a poisoned copy of the developer's tool. As of this writing, 39 apps in Apple's App Store have been identified as containing the code. Most of them are aimed at the Chinese market, and some that were released for international use were also made by Chinese developers. The most popular app on the list is the instant messaging giant WeChat.

The infection starts on the developer's machine, not the user's. A developer installs a tampered copy of Xcode, the tampered compiler adds the malicious code to every app the developer builds, and the app then goes through normal App Store review, which did not catch the addition. Users install what looks like a legitimate app or update. According to Palo Alto Networks, the injected code collects information about the device and the app and sends it to the attacker's servers, and the attacker can push fake alert dialogs and open URLs inside the infected app, which is enough to phish passwords and exposes end users to data theft and future identity theft.

As soon as Palo Alto Networks posted its reports, Apple pulled the 39 infected apps from the App Store. Tencent and Baidu have both responded: Tencent has published a clean WeChat build, and Baidu has removed the tampered Xcode installers that its cloud storage service had been hosting, which is where developers had been downloading Xcode instead of fetching Apple's official (and, in China, slow) download.

A major note to users: only the specific builds compiled with the tampered Xcode are infected, so the remedy is not to stop updating but to update. Apple has removed the infected builds and is working with the developers to rebuild their apps with a genuine copy of Xcode, so the re-released version from the App Store is the fix; do not keep running the affected build. Check the Palo Alto Networks list for the affected version numbers, make sure your installed copy of WeChat and the other listed apps is newer than those, and if one of these apps showed you an unexpected dialog asking for your Apple ID password, change that password now.
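For readers who want to check an app bundle themselves, here is an added triage script. It is not from Palo Alto Networks, Apple or Droid Report and is not part of the original article. It walks an unpacked .app (or an unzipped .ipa), reads only Mach-O executables, and reports which of the command-and-control hostnames Palo Alto Networks published for XcodeGhost appear as literal strings in them. The sample bundle it builds is constructed for the demo and is not a real app; the hostnames come from the Palo Alto Networks reports linked at the end of this article, and every file and function name is the example's own.

```python
import os
import tempfile
from typing import Dict, List, Sequence

# Command-and-control hostnames reported by Palo Alto Networks for the code that
# the tampered Xcode compiled into apps. Extend this tuple from the current report.
XCODEGHOST_C2_HOSTS: Sequence[bytes] = (
    b"init.icloud-analysis.com",
    b"init.crash-analytics.com",
    b"init.icloud-diagnostics.com",
)

# Magic numbers that open a Mach-O executable as stored on disk: thin 32-bit,
# thin 64-bit and "fat" (multi-architecture) files, in both byte orders.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",
}


def is_macho(data: bytes) -> bool:
    """True if the blob starts with a Mach-O or fat header (the files the implant was compiled into)."""
    return data[:4] in MACHO_MAGICS


def find_indicators(data: bytes, hosts: Sequence[bytes] = XCODEGHOST_C2_HOSTS) -> List[str]:
    """Return the C2 hostnames that appear as literal strings inside a binary."""
    return [h.decode() for h in hosts if h in data]


def scan_bundle(bundle_dir: str) -> Dict[str, List[str]]:
    """Walk an unpacked .app (or unzipped .ipa) and report indicator hits per Mach-O file.

    Non-Mach-O files (plists, images, nibs) are skipped: the injected code is
    compiled into the executable and its frameworks, so a hostname in a plist
    is not evidence on its own and would only add noise.
    """
    hits: Dict[str, List[str]] = {}
    for root, _dirs, files in os.walk(bundle_dir):
        for name in files:
            full = os.path.join(root, name)
            try:
                with open(full, "rb") as f:
                    data = f.read()
            except OSError:
                continue
            if not is_macho(data):
                continue
            found = find_indicators(data)
            if found:
                hits[os.path.relpath(full, bundle_dir).replace(os.sep, "/")] = found
    return hits


def build_sample_bundle(base_dir: str) -> str:
    """Write a constructed, fake app bundle for the demo (not a real app): one clean
    framework and one main executable carrying an XcodeGhost hostname."""
    app = os.path.join(base_dir, "Payload", "Demo.app")
    os.makedirs(os.path.join(app, "Frameworks", "Clean.framework"))
    # Main executable: 64-bit Mach-O magic and padding, then a fake string table.
    with open(os.path.join(app, "Demo"), "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
        f.write(b"_OBJC_CLASS_$_AppDelegate\x00https://init.icloud-analysis.com/\x00")
    # A clean framework binary with nothing suspicious in it.
    with open(os.path.join(app, "Frameworks", "Clean.framework", "Clean"), "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 28 + b"_OBJC_CLASS_$_Logger\x00")
    # A plist that mentions the hostname in a comment: skipped, since it is not code.
    with open(os.path.join(app, "Info.plist"), "wb") as f:
        f.write(b"<!-- init.icloud-analysis.com -->\n<plist/>\n")
    return app


def demo() -> Dict[str, List[str]]:
    """Scan the constructed bundle; returns {'Demo': ['init.icloud-analysis.com']}."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_bundle(build_sample_bundle(tmp))


if __name__ == "__main__":
    for path, hosts in demo().items():
        print(f"{path}: {', '.join(hosts)}")
```

A string match is cheap triage, not proof either way: a build compiled with clean Xcode will carry none of these strings, but a later variant of the implant can obfuscate the hostname or assemble the URL at run time, so an empty result is not a clean bill of health. On the developer side, the check that matters is whether the installed Xcode is Apple's genuine build; Apple's published guidance is to run `spctl --assess --verbose /Applications/Xcode.app` and expect the app to be reported as accepted from an Apple source, and to install Xcode only from the Mac App Store or Apple's developer site, never from a mirror.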

For a list of the offending apps, check out this report from Palo Alto Networks: http://researchcenter.paloaltonetworks.com/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/

To remind Droid Report readers who also have iOS devices, here are some security tips to follow:

-Avoid downloading "Instagram Follower" apps. These apps are spamware at best and may turn into spyware. If you check the Palo Alto Networks list, a lot of the entries are apps of a similar nature.

-If you can avoid using apps made by Chinese developers, do so. Most of the security articles on Droid Report have featured Chinese-made malware and hack attacks. Keep in mind, though, that the root cause here was developers installing Xcode from an unofficial mirror rather than from Apple, so the developer's country is a rough proxy at best; the real tell is whether the developer's build tools are trustworthy, which you cannot see from the outside.

-Always check the app's screenshots. If the app looks shoddy or kitschy, chances are its code is just as careless. Do not download.

-Never jailbreak your iDevice.

-Never use apps that did not pass App Store review, or those you find on Cydia repositories.

-Never be deceived by “Free” or “Cracked” apps.

It always pays to be a little paranoid with your devices. Until there is a whole year without hacking and malware reports from mainland China, it is better to steer clear. This is not about racism; it is about how often these things happen and where they come from.


For the direct reports straight from Palo Alto Networks:

Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store: http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/

Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps: http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/

Malware XcodeGhost Infects 39 iOS Apps, Including WeChat, Affecting Hundreds of Millions of Users: http://researchcenter.paloaltonetworks.com/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/


For the layman's version of the news:

NY Times/Apple Confirms Discovery of Malicious Code in Some App Store Products: http://www.nytimes.com/2015/09/21/business/apple-confirms-discovery-of-malicious-code-in-some-app-store-products.html?_r=1


A previous Droid Report on a Palo Alto Networks discovery:

"KeyRaider" Steals 225,000 Users' Credentials Across 18 Countries: http://www.droidreport.com/keyraider-steals-225000-users-credentials-across-18-countries-10987
