
Apple lists top 25 apps affected by XcodeGhost malware infiltration

Apple has published a list of the top 25 iOS apps impacted by China's XcodeGhost hack, the next step in a continued effort to rid infected devices of tainted software distributed through the iOS App Store.

In posting the app list to its XcodeGhost FAQ on Thursday, Apple intends to stamp out remaining copies of malware users might have inadvertently downloaded over the weekend. The company urges customers to update impacted apps immediately, noting titles not currently on the App Store should return soon.

"After the top 25 impacted apps, the number of impacted users drops significantly," Apple says, adding that it is working directly with developers to get affected apps back up for download.

Apple's list of the top 25 apps affected by XcodeGhost (asterisks denote titles not currently available from the App Store):

  • WeChat
  • DiDi Taxi
  • 58 Classified - Job, Used Cars, Rent
  • Gaode Map - Driving and Public Transportation
  • Railroad 12306
  • Flush
  • China Unicom Customer Service (Official Version)*
  • CarrotFantasy 2: Daily Battle*
  • Miraculous Warmth
  • Call Me MT 2 - Multi-server version
  • Angry Bird 2 - Yifeng Li's Favorite*
  • Baidu Music - A Music Player that has Downloads, Ringtones, Music Videos, Radio, and Karaoke
  • DuoDuo Ringtone
  • NetEase Music - An Essential for Radio and Song Download
  • Foreign Harbor - The Hottest Platform for Oversea Shopping*
  • Battle of Freedom (The MOBA mobile game)
  • One Piece - Embark (Officially Authorized)*
  • Let's Cook - Receipes [sic]
  • Heroes of Order & Chaos - Multiplayer Online Game*
  • Dark Dawn - Under the Icing City (the first mobile game sponsored by Fan BingBing)*
  • I Like Being With You*
  • Himalaya FM (Audio Book Community)
  • CarrotFantasy*
  • Flush HD
  • Encounter - Local Chatting Tool

The XcodeGhost exploit was outed on Monday as a rogue version of Apple's official Xcode development software, deployed by an unknown party to surreptitiously infect legitimate apps and mine user data. Developers unwittingly installed and used the modified Xcode version to write and upload apps to the App Store.

At the time, Apple did not host an official copy of its development software on Chinese servers, meaning Mac App Store versions were much slower to download than those offered through local channels. As a workaround, some developers opted to download Xcode from local providers outside of Apple's purview. In this case, XcodeGhost was allowed to proliferate by masquerading as a legitimate copy of Xcode on cloud storage servers run by Baidu.

All known instances of XcodeGhost have since been removed, while Apple has promised to host Xcode on Chinese servers. Apple also wiped the App Store of offending apps and is currently blocking submissions containing the malware.



17 Comments

mbsmd 14 Years · 34 comments

There's a lot of weird sounding stuff on the Chinese App Store I must say.

jdunys 11 Years · 18 comments

Amazing how Apple is able to take these steps to re-secure its servers so quickly. Trust is so important. Can Google do the same with the Android store? I know who I am edging my bet with.

hattig 19 Years · 860 comments

Carrot Fantasy? Also amazing that developers of all people downloaded their dev tools from any old supplier online of the software, instead of the official source, even though the software is free. Infecting the dev tools has long been known as a good route for infecting applications built by the dev tools. It's one of the standard examples given in a decent security course at university.

arthurba 16 Years · 146 comments

Never ever ever use software from any of these companies ever again. Never. Ever. It's one thing for a developer to download Xcode from some random place, disable Gatekeeper on their laptop, and develop using it. It's another thing altogether for a software company to release a customer build without using a pristine quarantined build environment. This is software engineering 101. C'mon, this is 2015 people, not 1985! These are not software companies one should ever trust. Whilst Apple do a splendid job of curating the store - they had assumed their developers were doing basic software engineering. Clearly that is a dubious assumption.

techprod1gy 11 Years · 838 comments

Apple should ban these companies. I don't download generic apps. Which these fall into that category. There needs to be a certain standard like everything else. These companies fail to fit that standard.