⋮    ⋮  

XcodeGhost Malware Makes A Comeback, Aimed At iOS 9 Users

Uzair Ghani
Posted 12 months ago

The XcodeGhost fiasco had almost settled down, with Apple having put in place proper security measures to make sure that such a thing does not happen again on the App Store. Sadly enough, the developer behind XcodeGhost has found a new way to make a big comeback, but this time iOS 9 users are being aimed.


According to security firm FireEye, a lot of businesses in the United States are running iOS apps that have traces of XcodeGhost in them, and now, we’re hearing reports that a new variant of the malware, dubbed ‘XcodeGhost S’ has made an appearance, and it’s designed in such a way that it goes after iOS 9 users.

FireEye reports that many enterprises across the US are still using XcodeGhost infected apps, and said app are attempting to contact XcodeGhost’s command and control servers, trying to snoop data from users.

After digging deep, FireEye made the following discoveries:

XcodeGhost has entered into U.S. enterprises and is a persistent security risk

Its botnet is still partially active


A variant we call XcodeGhost S reveals more advanced samples went undetected

FireEye reveals, after a monitoring activity of ‘four weeks,’ that there are 210 XcodeGhost infected apps still living in the enterprise sector that made a whopping 28,000 attempts to connect to XcodeGhost’s ‘Command and Control’ servers. FireEye goes on further and says “while not under attacker control, are vulnerable to hijacking by threat actors. Figure 1 shows the top five countries XcodeGhost attempted to callback to during this time.”

Once the XcodeGhost traffic is hijacked, there are a lot of things that can be done by the attacker, such as distributing apps outside of the App Store, forcing a user to browse a certain URL, promote certain apps at any given moment, and of course, allow pop-up phishing windows.

One iMessage Can Hack Your iOS Device Or Mac, Here's How To Protect Yourself

We highly recommend all users to refrain downloading apps that come from sources that are somewhat ‘shady.’ While jailbreaking, for instance, allows the freedom to install apps and games apart from the App Store, but one can’t be too careful these days, and there are chances of a malware slipping through a piece of software which looks innocent at face value.

We’re certain that Apple will take steps to hammer down the entire situation once more and make everything right again. Till that happens, it’s advised that everyone refrain from downloading apps or games that come from untrusted sources. Stick to the App Store we’d say.


Share on Facebook Share on Twitter Share on Reddit