Apple Lists Top 25 Apps Compromised by XcodeGhost Malware

[MacRumors]

Apple has updated its XcodeGhost FAQ on its Chinese website with a list of the top 25 most popular App Store apps that were compromised by the malware. The list includes some notable apps such as WeChat, Heroes of Order & Chaos and a localized version of Angry Birds 2.

Apple advises that users should update the affected apps to fix the issue, noting that if a listed app is available on the App Store right now, it has already been updated. Apps with an asterisk are currently not available on the App Store, but Apple says they should be updated very soon.

WeChat
DiDi Taxi
58 Classified - Job, Used Cars, Rent
Gaode Map - Driving and Public Transportation
Railroad 12306
Flush
China Unicom Customer Service (Official Version)*
CarrotFantasy 2: Daily Battle*
Miraculous Warmth
Call Me MT 2 - Multi-server version
Angry Birds 2 - Yifeng Li's Favorite*
Baidu Music - Music Player with Downloads, Ringtones, Music Videos, Radio & Karaoke
DuoDuo Ringtone
NetEase Music - An Essential for Radio and Song Download
Foreign Harbor - The Hottest Platform for Oversea Shopping*
Battle of Freedom (The MOBA mobile game)
One Piece - Embark (Officially Authorized)*
Let's Cook - Receipes
Heroes of Order & Chaos - Multiplayer Online Game*
Dark Dawn - Under the Icing City (the first mobile game sponsored by Fan BingBing)*
I Like Being With You*
Himalaya FM (Audio Book Community)
CarrotFantasy*
Flush HD
Encounter - Local Chatting Tool

Apple has been working to remove all apps compromised by XcodeGhost from the App Store, but some affected apps may remain available for download. Apple has also outlined steps for developers to validate Xcode and said it would alert users to let them know if they have downloaded apps that could have been compromised.

XcodeGhost is a new iOS malware that arose from malicious versions of Xcode, Apple's official tool for developing iOS and OS X apps, downloaded by some developers in China. Chinese developers then unknowingly compiled iOS apps using the modified Xcode IDE and distributed those infected apps through the App Store.

MacRumors posted a detailed XcodeGhost FAQ over the weekend that explains more about the malware, who is affected and how to keep yourself protected, although Apple has since downplayed the severity of XcodeGhost compared to what some security firms initially reported.

We have no information to suggest that the malware has been used to do anything malicious or that this exploit would have delivered any personally identifiable information had it been used.

We're not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords.

Chinese developers initially disclosed XcodeGhost on microblogging service Sina Weibo last Wednesday.

Article Link: Apple Lists Top 25 Apps Compromised by XcodeGhost Malware

 

[MH01]

Well about time they listed these.

Wonder how many in total are effected.

 

[garylapointe]

What's the point of a top 25 list?

Don't we need to know all of them?!?

Gary

 

[shanson27]

Never trust apps from China

 

[MH01]

What's the point of a top 25 list?

Don't we need to know all of them?!?

Gary

Sounds like the list might be in the hundreds . Top 25 is a PR move I suspect.

Agree need the complete list.

 

[Dilster3k]

Love how Apple always brags about Appstore statistics... In reality it's just filled with crap like this.

 

[Madmic23]

How did that Angry Birds app even make it into the store? There's no way it's from Rovio.

 

[madsci954]

Not trying to down play this, but isn't this only on the Chinese App Store? Other regional Stores weren't affected by this?

 

[Plutonius]

Does anyone here actually have any of the apps listed ?

 

[MH01]

Just read the FAQ, compared to what other sites are reporting, apple is going for the head in sand approach.

They are actually implying the problem is not far beyond these apps.....

 

[CarlJ]

How did that Angry Birds app even make it into the store? There's no way it's from Rovio.

I was wondering about that too, but it looks like it might be legit:

Rovio Localizes 'Angry Birds 2' to Boost Downloads in the Chinese Market

 

[MattG]

So, junk apps basically...got it.

 

[FreakinEurekan]

What's the point of a top 25 list?

Don't we need to know all of them?!?

Gary

From the FAQ:

"A list of the top 25 most popular apps impacted are listed below. After the top 25 impacted apps, the number of impacted users drops significantly"

 

[blodyholy]

What's with the '*'s' and no footnote explanation?

Edit: It's early and I haven't had coffee. I see it now.

 

[charlieegan3]

So, junk apps basically...got it.

WeChat is a pretty big deal.

"As of August 2014, WeChat has 438 million active users" Wikipedia. (mostly not iOS tough - clearly)

 

[TechRemarker]

What's the point of a top 25 list?

Don't we need to know all of them?!?

Gary

While a full list would be nice for us, that would only are the competition like Android lovers with full to through flames at the platform. I think what they are showing is that the top 25 downloaded where all very obscure apps that the average user never downloaded, and if we didn't download these then past the top 25 would be even more obscure and less likely that the average user (at least average non china based user) downloaded an affected app.

 

[Gasu E.]

So, junk apps basically...got it.

Chinese apps. Some of these are big in the Chinese market.

 

[KanosWRX]

So 99% of people have nothing to worry about as all these apps look like junk apps to me.

 

[Gasu E.]

What's the point of a top 25 list?

Don't we need to know all of them?!?

Gary

I'll bet you have none of them, and haven't even heard of these. The point of the top 25 list is to demonstrate this.

 

[AdeFowler]

Well about time they listed these.

Wonder how many in total are effected.

4000 according to the Register:

http://www.theregister.co.uk/2015/09/23/xcodeghost_ios_app_infection_toll_rises_to_four_thousand/

 

[Daalseth]

For years malware has made users computers into bots
Now malware can make PROGRAMMERS into bots.
An amazing world we live in.

 

[Gasu E.]

Sounds like the list might be in the hundreds . Top 25 is a PR move I suspect.

Agree need the complete list.

If you have never even considered downloading one of the top 25, you haven't installed any of the rest.

 

[MH01]

If you have never even considered downloading one of the top 25, you haven't installed any of the rest.

That's an awful assumption....

 

[MH01]

4000 according to the Register:

http://www.theregister.co.uk/2015/09/23/xcodeghost_ios_app_infection_toll_rises_to_four_thousand/

Damn.... guess they will not be poking fun at android in relation to malware next time...

 

[louiek]

I was wondering about that too, but it looks like it might be legit:

Rovio Localizes 'Angry Birds 2' to Boost Downloads in the Chinese Market

So Rovio teamed up with someone who couldn't be bothered downloading a legitamite version of Xcode. Just...wow.