
XcodeGhost

Posted: February 20, 2020

XcodeGhost is a Trojan that rides on a tampered copy of Xcode, Apple's development environment: every application built with the compromised toolchain is compiled with the Trojan's code inside it. Because Xcode targets both iOS and OS X, the payload can reach both platforms, and its features use several methods of collecting information from users. Developers protect their users by obtaining Xcode only from Apple and verifying the installation, and most anti-malware products for the affected operating systems should delete XcodeGhost upon detecting it.

The Problems with Chatting with the Wrong Programs

Criminal creativity is at its best, and worst, when it comes to overcoming obstacles such as curated application stores, as with Facexworm's assaults against the Chrome Web Store. XcodeGhost is another, and longer-lasting, demonstration of how Black Hat software can spread despite the precautions of virtually everyone involved. It is a rare example of a compiler Trojan: a threat that turns the application-building process itself into a rigged game.

XcodeGhost is a trojanized variant of Xcode, Apple's development environment for both iOS and OS X, which circulated through unofficial download sources rather than Apple's own. Any application compiled with the XcodeGhost version of the tool carries XcodeGhost's payload, without the developer ever touching malicious source code. Infected applications passed Apple's App Store review, so the official store itself delivered the Trojan to new devices. An infected build of WeChat, which is especially prevalent in China, accounted for millions of infections on its own.

Although XcodeGhost can loosely be classified as a backdoor Trojan, the remote control it offers attackers is limited. It does harvest system information from the device and report it to its Command & Control server. Its more distinctive features either collect data or interfere with the user's Web-browsing experience, as in the attacks below:

  • XcodeGhost can read the iOS clipboard, which may hold copied passwords and other sensitive data, and can also overwrite its contents.
  • XcodeGhost can open arbitrary Web addresses on command, which attackers can abuse to redirect victims to phishing sites or expose them to other threats, such as an Exploit Kit.
  • XcodeGhost can display dialog alerts on command, a pop-up phishing technique that prompts the user for information and collects whatever is entered.

Shrugging Aside a Cross-Compatible Ghost

Like the development tool it subverts, XcodeGhost can affect both iOS and macOS environments. Users of those systems are no longer at risk from the original campaign, but newer ones could reuse the same technique or refine it. Since anti-virus and anti-malware coverage for these operating systems remains narrower than for Windows, users should compensate with strict precautions of their own.

Mac users always should keep Gatekeeper on, which reduces, if not eliminates, the chance of running harmful software unintentionally. Developers should obtain Xcode only from Apple (the Mac App Store or Apple's developer site), never from third-party mirrors, and should verify that the installed copy carries Apple's signature before building with it. Since even official application stores can carry infected apps, users can also check reviews before downloading for reports of unusual or threatening behavior.
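The check a developer would run on a Mac to confirm that the Xcode build in use is Apple's signed copy, as an added example that is not part of the original article: it wraps Gatekeeper's `spctl --assess --verbose` (the verification Apple recommended after XcodeGhost) and parses the tool's text in a separate function so the verdict logic can be exercised offline with constructed output. The install path `/Applications/Xcode.app`, the two-line `<path>: accepted` / `source=...` output format, and the accepted source labels are assumptions about spctl's behavior, not something the article states.

```bash
#!/bin/bash
# Added example, not from the original article: verify that an Xcode
# install is Apple's signed build. Assumes Xcode is at /Applications/Xcode.app
# (override with XCODE=...) and that spctl prints "<path>: accepted" followed
# by "source=<label>"; both are assumptions about the tool's output.
XCODE="${XCODE:-/Applications/Xcode.app}"

# Decide whether a Gatekeeper assessment says "signed by Apple".
# Reads the combined stdout+stderr of `spctl --assess --verbose <app>` on
# stdin so it can be tested with captured text. Prints a verdict and
# returns 0 only when the app is accepted AND the source is an Apple one.
xcode_assessment_ok() {
    local verdict="" source="" line
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *": accepted")  verdict="accepted" ;;
            *": rejected"*) verdict="rejected" ;;
            source=*)       source="${line#source=}" ;;
        esac
    done
    if [ "$verdict" != "accepted" ]; then
        echo "UNTRUSTED: Gatekeeper verdict '${verdict:-none}'"
        return 1
    fi
    # A copy of Xcode that passes Gatekeeper because of some other developer's
    # signature is still not Apple's build, so the source label matters.
    case "$source" in
        "Mac App Store"|"Apple"|"Apple System")
            echo "OK: accepted, source=$source"
            return 0 ;;
        *)
            echo "UNTRUSTED: accepted, but source='$source' is not Apple"
            return 1 ;;
    esac
}

# Live wrapper: run Gatekeeper on the real install and parse its output.
# spctl already exits non-zero on rejection; parsing keeps the reason visible.
check_xcode() {
    spctl --assess --verbose "$1" 2>&1 | xcode_assessment_ok
}

# Only run the live check where spctl exists (macOS); elsewhere the parsing
# function can still be called with captured output.
if command -v spctl >/dev/null 2>&1; then
    check_xcode "$XCODE"
    # Show the signing chain too; Apple's build lists Apple authorities.
    codesign -dv --verbose=2 "$XCODE" 2>&1 | grep -E '^(Authority|TeamIdentifier)='
fi
```

Run it on the Mac that does the builds, and point XCODE at the copy reported by `xcode-select -p` if more than one Xcode is installed; the one the build system actually invokes is the one that matters.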

Compatible anti-malware programs should remove XcodeGhost in either its compiler-side or application-side form, although victims may need additional device cleanup afterward. Until an infected device is cleaned, its user should avoid entering passwords in unexpected sites or pop-up dialogs and limit Web browsing from it, to sidestep XcodeGhost's attacks.

XcodeGhost is a Trojan, a browser hijacker, and a compiler-infesting pseudo-virus that propagates through the build process rather than by infecting files on its own. More worrisome, it is another case of a Trojan reaching the people with the fewest ways of protecting themselves: iOS and Mac users.
