Trojan Horse virus iOS XCodeGhost infects from 39 to 4000 App Store apps

The original Trojan Horse. Ain’t she a beauty?

My mother’s always telling me that everyone knows that iOS offers the best mobile phone security when compared to other major phone OSes (I’m looking at you, Android).

But it’s not perfect, and this is spectacularly displayed in the latest iOS security threat: XCodeGhost.

XCodeGhost is a Trojan Horse. In computer terms it’s an app which claims to do one thing, but secretly does another, entirely nefarious thing. Typically, a Trojan Horse is a lone app, and Apple’s walled garden of security known as the App Store is designed to stop these and other nasties, however the XCodeGhost takes Trojan Horsing to a whole new level.

The clever, devious authors of this pox have infected the very tool used to create apps, making genuine developers unwittingly carry this infection in their apps. It’s like slipping a mickey directly into the bottle instead of into your intended victim’s glass.

And we’re all drinking from the same bottle!

Are you infected?

On September 18, Palo Alto Networks broke the news that XCodeGhost has infected 39 apps, and on September 22 FireEye Labs claimed this was up to 4,000! The majority of the infected apps were published on Apple’s Chinese app store, and the most widely-used app is the popular WeChat.

Apple has a page dedicated to XCodeGhost, with the 25 top infected apps listed.


So what should you do?

First and foremost… Do Not, repeat, Do Not go out and replace your iPhone with an Android. Those things are riddled with malware.

Secondly: don’t panic. Here’s a smiley face emoticon to ease your woes 🙂

Thirdly, follow this check list…

  • Stop using any infected apps you have installed
  • Apple’s already removed known infected apps from the App Store, so if you’re not infected yet then you won’t be able to. Apologies to all the Fifty Shades fans.
  • A number of apps have been updated to clean versions, so rush out and update your apps.
  • Palo Alto Networks is also advising people to change their iCloud password. Yes, it’s a pain in the a*s, but you know you should do it. Go on. Do it. Do it. I dare you…