XcodeGhost is the first instance of the iOS App Store distributing a large number of trojanized apps. The malicious/infected apps steal device and user information and send stolen data to a command and control (CnC) server.
The number of XcodeGhost-infected iOS apps, initially pegged at 39, has ballooned to more than 4,000.
The staggering increase was the handiwork of analysis by FireEye researchers, who said that the apps were being hosted on the official Apple App Store.
“Immediately after learning of XcodeGhost, FireEye Labs identified more than 4,000 infected apps on the App Store,” FireEye said.
The malicious apps steal device and user information and send stolen data to a command and control (CnC) server [and] also accept remote commands including the ability to open URLs sent by the CnC server.
These URLs can be phishing webpages for stealing credentials, or a link to an enterprise-signed malicious app that can be installed on non-jailbroken devices.
A FireEye spokesman told Vulture South that many of the infected apps were owned by “big Chinese global brands” such as consumer electronics, telcos, and banks.
The Register has asked FireEye for the names of some of the prominent affected apps and will update this story should the information come to hand.
FireEye put the huge increase in the number of discovered apps down to fast scanning by its mobile threat prevention platform.