Xcode is Apple's official IDE (Integrated Development Environment). It helps application developers build and test software efficiently, and it is used by countless software developers worldwide. Cybercriminals saw an opportunity to use this tool to their advantage and built XcodeGhost, a malicious copy of the original Xcode IDE. XcodeGhost is not distributed via Apple's official stores or sites. Its creators uploaded it to the popular Chinese website Baidu, which is how it ended up on the systems of a large number of Chinese developers.
Unlike most malicious applications, the XcodeGhost malware does not seek to wreak havoc on the host or even steal any data from it. The creators of the XcodeGhost threat have taken a much more interesting approach. The XcodeGhost IDE offers all the same tools and features as the legitimate Xcode IDE. The trick is that every application developed with the XcodeGhost IDE has a backdoor planted in it. This means that the creators of the XcodeGhost threat will have access to the data of all users who end up downloading and installing seemingly harmless applications developed with this malicious IDE.
It would appear that over 500 million users may already have fallen victim to the XcodeGhost threat. The applications created with the malicious XcodeGhost IDE are capable of stealing various types of information about the user's device: the name of the compromised application, device country, current time, default language set, device name, device type, and network data. The applications compromised by the XcodeGhost threat can also display bogus alerts on the user's device. Furthermore, the malware can hijack URLs, collect information from the user's clipboard, and change the information on the user's clipboard.
Most of the affected users appear to reside in China. However, the applications affected by the XcodeGhost malware may end up on the devices of users from all around the globe. Do not forget to download and install a genuine anti-virus application compatible with iOS.