The App Store suffered its worst security breach in history over the weekend, when it was discovered that hundreds of Chinese apps have a malicious program dubbed ‘XcodeGhost’ embedded in their software.
The huge security lapse made its way into legitimate apps thanks to Chinese developers who used a counterfeit version of Apple’s Xcode software that was uploaded to file sharing service Baidu. By using XcodeGhost to compile their apps, developers accidentally allowed the malicious code to be distributed through the App Store.
Apple has pulled infected apps off the store to stop stop the spread, but users still need to delete XcodeGhost apps off their devices manually. Most of the apps infected are mostly used in China, however some big name apps like WeChat, Angry Birds 2, and Didi Chuxing (Uber’s biggest rival in China) were also hit.
Here’s a full list of infected apps:
- Didi Chuxing
- Angry Birds 2
- NetEase
- Micro Channel
- IFlyTek input
- Railway 12306
- The Kitchen
- Card Safe
- CITIC Bank move card space
- China Unicom Mobile Office
- High German map
- Jane book
- Eyes Wide
- Lifesmart
- Mara Mara
- Medicine to force
- Himalayan
- Pocket billing
- Flush
- Quick asked the doctor
- Lazy weekend
- Microblogging camera
- Watercress reading
- CamScanner
- CamCard
- SegmentFault
- Stocks open class
- Hot stock market
- Three new board
- The driver drops
- OPlayer
- Mercury
- WinZip
- Musical.ly
- PDFReader
- Perfect365
- PDFReader Free
- WhiteTile
- IHexin
- WinZip Standard
- MoreLikers2
- CamScanner Lite
- MobileTicket
- iVMS-4500
- OPlayer Lite
- QYER
- golfsense
- Ting
- Golfsensehd
- Wallpapers10000
- CSMBP-AppStore
- MSL108
- TinyDeal.com
- snapgrab copy
- iOBD2
- PocketScanner
- CuteCUT
- AmHexinForPad
- SuperJewelsQuest2
- air2
- InstaFollower
- CamScanner Pro
- baba
- WeLoop
- DataMonitor
- MSL070
- nice dev
- immtdchs
- OPlayer
- FlappyCircle
- BiaoQingBao
- SaveSnap
- Guitar Master
- jin
- WinZip Sector
- Quick Save
Source: Palo Alto Networks
Buster Hein is a freelance writer who lives in Phoenix, Arizona. Twitter: @bst3r.
59 responses to “XcodeGhost hack: Delete these infected iOS apps immediately”
Thanks for sorting the list alphabetically
Thanks for paying for the service
He paid by viewing ads.
How do you know he doesn’t block them?
If he couldn’t see an app in the list because it’s not alphabetically sorted, let alone see any ads. Doesn’t count as paying
Allow me to% show you a fantastic ways to earn a lot of extra CASH by finishing basic tasks from your house for few short hours a day — See more info by visiting >MY_DISQUS_ACCOUNT
Exactly my thoughts! Posting alphabetically sorted version below in a second.
I sorted it and posted the list but COM blocked it for some reason and NO it wasn’t a web link.
Looks like we get a little taste of the Android life here.
Can’t say I’m taken by surprise. How many times do things like this have to happen year after year for people to stop buying or using hardware and software from China?
Everyone already knows China is not trustworthy or ethical, but they seem to forget this fact when looking at a cheap price tag.
This latest issue is just one out of many more attacks or vulnerabilities executed by the Chinese that don’t even get discovered or publicized.
It’s always been a no brainer that we should avoid all Chinese products.
So I assume we need to wait until the developer releases an update before downloading them again?
Personally, if these app developers do things like use XCode from an unverifiable source, I don’t intend to ever install these or any other apps from these devs …
Yes, you need to wait for the next version. I also have a property I’d like to sell you.
It’s a legitimate question wise guy
It’s a legitimately but not well thought out question. “How soon can I download the updated version from the development company that uses bootleg software to build apps”.
Just avoid them.
Can’t say I’m taken by surprise. How many times do things like this have to happen year after year for people to stop buying or using hardware and software from China?
Everyone already knows China is not trustworthy or ethical, but they seem to forget this fact when looking at a cheap price tag.
This latest issue is just one out of many more attacks or vulnerabilities executed by the Chinese that don’t even get discovered or publicized.
It’s always been a no brainer that we should avoid all Chinese products.
Would be nice to have links out to their itunes store since names of apps can be close or the same/similar. Curious if my PDF Reader app is the one in question. :/
If it the very popular “PDF Reader”, then yes, it likely is as it has been pulled from the app store. shame too as I have the paid version.
Thanks man. I went through and deleted the app after posting. And I guess if apps were pulled a link would do nothing/go no where.
OMG! CamCard is a HUGE loss for me! I keep ALL my vendors cards in it.
how did you backup cam card??
I believe I went into settings on the app and there’s a VERY vague description on where to go and how to do it.
I’m feeling lazy. Somebody make an app to look for those apps.
Just don’t make it with an infected Xcode… :)
I hear a dev in China is getting right on that.
Due to the security model of iOS 9, apps can’t find out what other apps are running.
1. “Somebody” could easily include Apple, who could do whatever they want.
2. only 50% of users are on iOS 9.x
3. jailbreak developers
Would it be possible for you to compile a list of the developers of these apps? I don’t want to download something from developers who don’t bother to pull Xcode directly from Apple and put us all at risk.
From 9to5Mac Rovio has advised that only the version of Angry Birds 2 in the Chinese App Store was affected.
I wish to clarify that Rovio can confirm that only the Chinese build of Angry Birds 2 — available only on the App Store in Mainland China, Taiwan, Hong Kong and Macau — is vulnerable to the security issue. All other builds of Angry Birds 2 available in other countries are completely safe and secure. An update of Angry Birds 2 for customers in Mainland China, Taiwan, Hong Kong and Macau that fixes the issue is coming very shortly.
I still removed it! It’s not worth the risk IMO.
Around 76 is not «hundred». Do I miss something?
Yes fan boy. This is the list of the known ones.
adios CamScanner!
If I used any from that tiny handful of apps from the more than 1,000,000 in the App Store, and if I lived in China where most of them are downloaded, and if I worried about somebody somewhere trying to get into my iPhone… I’d be concerned. As it is, I’m more worried the sun burning out. But Kudos to Apple for getting on the problem immediately.
since when ?
Thank you … I was already safe …
?winzip. why do you need winzip on your iPhone seriously. lol. don’t have any of these apps. i’m safe :)
Isn’t this what the “Kill Switch” was designed to fix?
Nice alphabetization there.
Camcard is still available in the App Store. Why is that?!
So is CamScanner and Mercury!
A lot of the ones of this list still are. I though they were pulled? I use CamScanner a lot and right now have a lot of documents on it that I need to download.
Why would a company like ROVIO download a hacked version of x-code from a Chinese server? Or am I missing something.
Exactly. Are we still so dumb to believe Apple that it was only rogue hacked app development platform hosted on some shady Chinese web servers and downloaded by Finnish well known and reputable game company? I say, Apple should be more honest about this hack and overall irresponsible, so far, approach to software and online services.
Wow, wechat is huge. China is a mess.
WeChat is still available in apps store.. Is this affecting certain country ie. China only?
I think I read elsewhere that WeChat’s latest version is not affected.
Angry Birds 2 is still in the app store, I think.
Allow! me to show you a fantastic ways to earn a lot of extra CASH by finishing basic tasks from your house for few short hours a day — See more info by visiting >MY_DISQUS_ACCOUNT
Wait, so developers of apps as significant as Angry Birds are using some fake Xcode distributed over a public file sharing platform to compile their code?
Surely I’m overlooking a detail here. Surely they wouldn’t risk something like that, right?
I feel like this article may be skipping on some details here.
So what if you had some of the apps installed? What were they able to get from the devices? Should we be changing passwords?
Thanks for listing oplayer twice lol
This wouldn’t have happened if it was in alphabetical order or something
oPlayer is listed twice (three times if the “lite” version is included)
anyway to get the ipa name so i can also delete from mobile apps library in iTunes folder?
Thanks
What about the app 17- the downgrade version of Instagram? Everyone was saying that particular app hacked your apple account , is it true? Or somewhat a link with this information
The article seems to imply the hack is limited to Chinese versions of the apps. Am I reading the article correctly? If so, then does that also imply the US versions have not been hacked? If so, then US versions of CamCard for example do not use the bad XcodeGhost.
Am I reading this right?
Too lazy to sort a simple alpha list??? please.
i hope apple soon gives an option to delete some of their most useless native apps ..
That’s why I only use American software. Chinese is C for crap.