A week has passed since Chinese developers publicized the discovery of a new piece of iOS malware on blog site Sina Weibo.

While Palo Alto Networks and other cyber security firms are currently developing countermeasures to fix the issue, iOS users can also do their part in safeguarding their devices. But first, what exactly is "XcodeGhost"?    

According to Mac Rumors, "XcodeGhost" is a malicious version of "Xcode," Apple's official software tool for creating iOS and OS X apps.

"XcodeGhost" was uploaded to a file-sharing service in China called "Baidu." Chinese iOS developers then unknowingly downloaded the malicious tool and started using it to develop applications and updates. The infected apps eventually made their way to the App Store, where unsuspecting Apple device users could download them.

Unlike the "KeyRaider" malware from a previous Latin Post article, the "XcodeGhost" malware affects both stock and jailbroken iPhones, iPads and iPod touch models. Apple devices need only be seeded with the infected applications to be vulnerable to hackers.

Palo Alto Networks found that infected applications can receive commands from hackers through a command-and-control (C2) server. Once hackers have control over a particular iOS device, they can then do the following, as per The IT Nerd:

  • Prompt a fake alert dialog to phish user credentials;
  • Hijack opening specific URLs based on their scheme, which could allow for exploitation of vulnerabilities in the iOS system or other iOS apps;
  • Read and write data in the user's clipboard, which could be used to read the user's password if that password is copied from a password management tool.

As to why official iOS developers in China downloaded "Xcode" from Baidu in the first place, Mac Rumors reported that "Xcode" is a relatively large file to download, especially from Apple servers in China. The longer wait prompted several developers to download the software tool from unofficial sources instead.

Meanwhile, Palo Alto Networks is hard at work with Apple in developing a fix for the "XcodeGhost" vulnerability. Other software developers have also sent out patches to protect their applications from the threat.

Apple told Reuters that it had removed infected applications from the App Store. The Cupertino-based tech giant also reiterated that it is working closely with developers to ensure no counterfeit versions of "Xcode" will be used in making iOS applications moving forward.

As for concerned iOS users, they must immediately uninstall the infected applications on their iOS devices. They could also update the applications to newer versions that have removed the malware. iOS users are also highly advised to reset their iCloud passwords for good measure.

The list of infected applications includes versions of "WeChat," "CamCard," "CamScanner" and "WinZip."