Not long ago, when Tencent Security Response Center (TSRC) was fixing a bug, it found that some apps were sending user information to certain domain. TSRC reported this problem to CNCERT, China’s national internet security response center, and CNCERT released a warning.
It turned out that some app developers did not download Xcode package from official providers, but from internet. Unofficial Xcode package was implanted some malicious codes, and then become a new OS X and iOS malware. Alibaba researchers then posted an analysis report on the malware, giving it the name XcodeGhost.
XcodeGhost infected many popular apps including WeChat, Didi Chuxing and Highmoralmap. WeChat then issued a notification that the newest WeChat version has already solved this problem, and there is no reported loss so far. Following notification by Palo Alto Networks of malicious files hosted on their file sharing services, Baidu has removed all of the files.
On September 19th, a day after this event stirred China’s social media, a man claimed to be the writer of XcodeGhost appeared on the Internet, and said XcodeGhost was only an experiment of his. He said he has already deleted all data and shut down the server. XcodeGhost would not cause further damage to users, according to the writer.
However, Chinese users are still angry and panic at the same time. Apple Inc. has not responded to this event yet.