XcodeGhost, the newest threat to iOS devices, has been detected through the Wandera Secure service, and is utilising malicious code to steal users' data straight from the palm of their hands.
Wandera have so far identified thirty-six iOS applications that are attempting to send data to malicious servers. These attempts are being successfully blocked by the Wandera Secure Mobile Gateway.
XcodeGhost is malicious code that is inserted into iOS applications by a rogue version of Apple’s own Xcode, allowing the attackers to steal valuable data from the infected device or devices.
XcodeGhost’s creators were able to manipulate Xcode and make the modified version readily available to any developer looking to build an iOS application. We understand that developers have used the malicious Xcode believing it to be genuine, and as a result unknowingly incorporated malicious code into their current app code base.
So far, a number of high-profile applications, such as the extremely popular chat service WeChat and the card scanner app CamCard, have been affected. Until today, most users have assumed that the App Store was free of all mobile malware. This further demonstrates what security researchers have known for some time: like other mobile platforms, Apple devices are at significant risk from the rise of mobile malware, and a defence-in-depth approach that includes user education is required.
This new threat shows just how important it is for all mobile data to be scanned in real time through a proxy service. Wandera’s Secure Mobile Gateway has successfully identified this threat, is actively blocking data from being stolen, and is continuing to scan for any new infected apps and malware URLs. Our security researchers have notified Apple of our findings and are continuing to actively monitor the situation.