Malware creators are an ingenious lot. Apple has build iOS and the App Store as bullet proof as possible, but then came XcodeGhost. Instead of hacking iOS directly, this time hacker planted malware into Xcode, the tool used by developers to build and submit iOS apps to the App Store. Apps that are build with infected Xcode are said to transmit account information including passwords.
The incident first appeared in the China market last week, where developers in that country often obtain Xcode not directly from Apple, but from non-official sites for faster download speed. Several high profiles app such as WeChat, DiDi Taxi and even Angry Birds 2 are affected.
Apple has stepped up its effort to counter the spread of XcodeGhost. It worked with infected apps’ developers to release clean update, and has removed the rest of of known infected apps. It has published a XcodeGhost Questions and Answer site which list all known infected apps. If you’re using any of them, just update to the latest release and you will be fine.
In addition, Apple has also publish guideline and steps to developers on how to validate the integrity of their version of Xcode. It is also working to make it faster for developers in China to download Xcode from official site. Check out XcodeGhost Questions and Answer for more detail.