Despite swift Apple action, XcodeGhost threat lingers
We first heard of the XcodeGhost malware back in September as reports identified hundreds of iOS apps built with unauthorized copies of Apple’s Xcode IDE that managed to introduce some sneaky, unwanted code. Infected apps had the potential to seriously compromise system security, so Apple was understandably quick to remove offenders from the App Store. Now, over a month later, is XcodeGhost finally something Apple can put behind it? Maybe not, warn security researchers, as signs of XcodeGhost infections persist, and new iOS-9-optimized variants are uncovered.
While Apple might have worked to pull down infected apps, not all users have been so quick to make sure XcodeGhost-compromised apps aren’t still living on their phones. Though the original XcodeGhost control servers are down, devices from hundreds of businesses, schools, and other institutions around the globe are still trying to connect to them (a sign of an infected iPhone), and a new malicious actor could emerge at any time to take advantage of them.
More than that, it looks like Apple failed to remove all infected apps from the App Store, and an updated version of the malware known as XcodeGhost S goes out of its way to hide its identity. Luckily, even that’s being detected now, but the way it was initially missed is enough to suggest that it may be some time before the whole XcodeGhost fiasco is over.