Hackers managed to embed malicious code into so many apps by convincing developers to download a counterfeit version of Xcode, Apple's development toolchain. Developers fetched the infected copy of Xcode from servers in China because the download was faster from those servers than from Apple's own.
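A check a developer can run against their own installation, added here as an example that is not part of the article or Apple's own material: it asks Gatekeeper (spctl) whether Xcode.app is accepted and whether the reported source is one of the Apple distribution channels; a counterfeit build lacks Apple's signature and would fail. It assumes macOS with the spctl tool and Xcode installed at /Applications/Xcode.app (override with XCODE_PATH).

```shell
#!/bin/sh
# Added example: verify that an installed Xcode.app carries Apple's signature.
# Assumes macOS with spctl(8); the path below is an assumption, not from the article.
XCODE_PATH="${XCODE_PATH:-/Applications/Xcode.app}"

# Decide from spctl's verbose output ("<path>: accepted" followed by "source=...")
# whether the bundle is genuine. Returns 0 for genuine, 1 otherwise.
# Only these three sources correspond to Xcode distributed by Apple.
xcode_is_genuine() {
  out="$1"
  printf '%s\n' "$out" | grep -q ': accepted$' || return 1
  src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
  case "$src" in
    "Mac App Store"|"Apple System"|"Apple") return 0 ;;
    *) return 1 ;;
  esac
}

# Run the assessment on the real installation and report the verdict.
# spctl writes its verbose verdict to stderr, so both streams are captured.
check_installed_xcode() {
  out=$(spctl --assess --verbose "$XCODE_PATH" 2>&1) || true
  if xcode_is_genuine "$out"; then
    echo "OK: $XCODE_PATH is signed by Apple"
    printf '%s\n' "$out"
    return 0
  fi
  echo "WARNING: $XCODE_PATH failed the Gatekeeper check; reinstall from the Mac App Store or developer.apple.com"
  printf '%s\n' "$out"
  return 1
}

# Only touch the live system when explicitly asked (./check_xcode.sh --check).
if [ "${1:-}" = "--check" ]; then
  check_installed_xcode
fi
```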
"We’ve removed the apps from the App Store that we know have been created with this counterfeit software," Apple spokeswoman Christine Monaghan said in an email. "We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."
Palo Alto Networks examined the code inserted into infected iOS applications. It's capable of performing the following actions:
● Prompt a fake alert dialog to phish user credentials;
● Hijack opening specific URLs based on their scheme, which could allow for exploitation of vulnerabilities in the iOS system or other iOS apps;
● Read and write data in the user’s clipboard, which could be used to read the user’s password if that password is copied from a password management tool.
Additionally, one developer says that XcodeGhost has already launched phishing attacks, prompting users to input their iCloud passwords.
Compromised apps include Tencent Holdings' mobile chat app WeChat, the car-hailing app Didi Kuaidi and a music app from the Internet portal NetEase.
Chinese security firm Qihoo360 Technology says it's identified 344 infected apps thus far. Apple hasn't revealed the number of apps it's identified as being compromised and has yet to provide any instructions on how users can check their device for XcodeGhost.
For now we would recommend immediately installing any app updates that come up.