iOS apps popular mainly in China have been infected with a piece of malware that can steal your data, and even get you to reveal things like usernames and passwords via phishing. The malware, called XcodeGhost, was discovered by Chinese iOS developers, after it was able to find its way into legitimate Apple Store apps, including WeChat, a popular IM application.

What does XcodeGhost do?

Once the user downloads the infected app, this particular piece of malicious code uploads the device and app information to its command and control (C2) server. The attacker can send commands through this command and control server, telling it to perform actions such as:

• Creating fake phishing alerts to steal your username and password
• Reading and writing data on your device’s clipboard, which could uncover your password if it is copied from a password management tool
• Hijacking your browser to open specific URLs, which could lead to being able to take advantage of existing bugs in the iOS system, or other iOS apps

How to stay protected

Researcher PaloAlto Networks identified 39 infected apps, including:

• WeChat (IM app)
• Didi Chuxing (a popular ridesharing app in China)
• Railway 12306 (the only official rail ticket purchasing app in China)
• China Unicom Mobile Office (used by the largest mobile carrier in China)
• Tonghuashun (a popular Chinese stock trading app)

If you have any of the apps listed above on your device, make sure that you do the following:

• Update your app as soon as possible, or delete the app and wait for a new version of the app to be made available
• Change your Apple ID password (here's how)
• Watch out for any suspicious emails or push notifications to your device asking for your Apple credentials, or any personally identifying information