Apple lists top 25 apps affected by XcodeGhost malware infiltration

In posting the app list to its XcodeGhost FAQ on Thursday, Apple intends to stamp out remaining copies of malware users might have inadvertently downloaded over the weekend. The company urges customers to update impacted apps immediately, noting titles not currently on the App Store should return soon.

"After the top 25 impacted apps, the number of impacted users drops significantly," Apple says, adding that it is working directly with developers to get affected apps back up for download.

Apple's list of the top 25 apps affected by XcodeGhost (asterisks denote titles not currently available from the App Store):

• WeChat
• DiDi Taxi
• 58 Classified - Job, Used Cars, Rent
• Gaode Map - Driving and Public Transportation
• Railroad 12306
• Flush
• China Unicom Customer Service (Official Version)*
• CarrotFantasy 2: Daily Battle*
• Miraculous Warmth
• Call Me MT 2 - Multi-server version
• Angry Bird 2 - Yifeng Li's Favorite*
• Baidu Music - A Music Player that has Downloads, Ringtones, Music Videos, Radio, and Karaoke
• DuoDuo Ringtone
• NetEase Music - An Essential for Radio and Song Download
• Foreign Harbor - The Hottest Platform for Oversea Shopping*
• Battle of Freedom (The MOBA mobile game)
• One Piece - Embark (Officially Authorized)*
• Let's Cook - Receipes [sic] Heroes of Order & Chaos - Multiplayer Online Game*
• Dark Dawn - Under the Icing City (the first mobile game sponsored by Fan BingBing)*
• I Like Being With You*
• Himalaya FM (Audio Book Community)
• CarrotFantasy*
• Flush HD
• Encounter - Local Chatting Tool

The XcodeGhost exploit was outed on Monday as a rogue version of Apple's official Xcode development software, deployed by an unknown party to surreptitiously infect legitimate apps and mine user data. Developers unwittingly installed and used the modified Xcode version to write and upload apps to the App Store.

At the time, Apple did not host an official copy of its development software on Chinese servers, meaning Mac App Store versions were much slower to download than those offered through local channels. As a workaround, some developers opted to download Xcode from local providers outside of Apple's purview. In this case, XcodeGhost was allowed to proliferate by masquerading as a legitimate copy of Xcode on cloud storage servers run by Baidu.

All known instances of XcodeGhost have since been removed, while Apple has promised to host Xcode on Chinese servers. Apple also wiped the App Store of offending apps and is currently blocking submissions containing the malware.