XcodeGhost infected app count soars to 4,000

computer virus

Thought XcodeGhost malware only affected 40 Chinese iOS apps? You would be wrong, at least according to security researchers FireEye.

The organisation claims that the 39 apps originally detected by Palo Alto Networks at the beginning of the week account for less than one per cent of the total carrying XcodeGhost in the Apple App Store.

"Immediately after learning of XcodeGhost, FireEye Labs identified more than 4,000 infected apps on the App Store," the company said in a blog post. "FireEye has since updated detection rules in its NX and Mobile Threat Prevention (MTP) products to detect the malicious apps and their activity on a network."

However, the company added another note of caution, saying: "It's important to note that, although the CnC servers have been taken down, the malicious apps still try to connect to them using HTTP. This HTTP session is vulnerable to hijacking by other attackers."

Apple is asking developers to verify Xcode to ensure uninfected versions are being used, but Forrester analyst Tyler Shields told IT Pro that while Apple does has many steps in place to stop malware from infiltrating the App Store, "there is no way they will ever stop it all".

"Apple's incentives are to get as many interesting apps as possible into the app store which will result in a lower security bar than many enterprises are willing to accept. It's not that Apple wants malware in the system, just that it's not as important to limit malware as it is to increase revenue from the app store to Apple," said Shields.

"They will continue to improve their detection processes and algorithms but there will always be a need for the enterprise and the consumer to apply security controls that match their specific level of need regardless of what the app store owners do," he concluded.

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.