As I previously observed in a post commenting on FireEye’s commentary, apps haunted by the presence of XcodeGhost are still with us. Paul Ducklin’s blog for NakedSecurity – Apple’s XcodeGhost malware still in the machine… – takes a slightly different angle, drawing parallels with Stuxnet and with the Induc epidemic of 2009.
There is indeed a similarity: as I wrote at that time:
[An Induc infection] means that the file contains a piece of code that includes routines to modify files belonging to the Delphi development tool and thereafter, all applications compiled using Delphi will also contain the virus.
The NakedSecurity article summarizes the analogous way in which XcodeGhost compromises applications built with the ‘cooked’ (trojaned) version of the Xcode development toolkit, and reinforces the message that compromised apps are likely still out there even after Apple removed the known-compromised programs from the App Store. It also gives sound advice for developers: don’t blindly trust third-party libraries, and don’t scorn the use of anti-malware apps. Apple has all but killed off anti-malware products for iOS, but the critical point here is that (as Paul puts it) we’re talking about
Apple Mac malware that was specially created by crooks in China to create iOS malware.
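The common thread between Induc and XcodeGhost is that the malware never touches the developer’s own source: it modifies a file inside the build toolchain, so everything compiled afterwards carries the payload. The following is an added illustration, not code from the original post and not the real XcodeGhost or Induc code. It uses a made-up toy “compiler” that links a runtime library into each program (the role SysConst.pas played for Delphi), a constructed payload marker, and a hypothetical hash manifest; the point is to show why the developer’s code looks clean while every build is poisoned, and that a toolchain integrity check catches the tampering before the first build.

```python
"""
Toy build-toolchain compromise and the integrity check that detects it.
Everything here (file names, manifest format, payload marker) is constructed
for the demonstration and is not a real indicator of compromise.
"""
import hashlib
import tempfile
from pathlib import Path

# Constructed marker standing in for the injected code; not a real IoC.
PAYLOAD_MARKER = b"/* injected by trojaned toolchain */"


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def make_toolchain(root: Path) -> dict[str, str]:
    """Create a pretend toolchain: one runtime library that the 'compiler'
    links into every output. Returns a manifest of known-good hashes, as a
    vendor would publish or as you would record at install time."""
    lib = root / "lib" / "runtime.inc"
    lib.parent.mkdir(parents=True, exist_ok=True)
    lib.write_bytes(b"/* trusted runtime */\nint rt_init(void) { return 0; }\n")
    return {"lib/runtime.inc": sha256_file(lib)}


def build(root: Path, source: bytes) -> bytes:
    """The 'compiler': prepend the on-disk runtime library to the program.
    It trusts whatever is on disk, which is exactly the weakness."""
    runtime = (root / "lib" / "runtime.inc").read_bytes()
    return runtime + source


def tamper_toolchain(root: Path) -> None:
    """What Induc and XcodeGhost did in spirit: alter a file inside the
    toolchain so the injected code rides along with every later build."""
    lib = root / "lib" / "runtime.inc"
    lib.write_bytes(lib.read_bytes() + PAYLOAD_MARKER + b"\nint rt_beacon(void);\n")


def verify_toolchain(root: Path, manifest: dict[str, str]) -> list[str]:
    """Integrity check to run before trusting a toolchain: every manifest
    entry must hash to its recorded value. Returns the files that do not."""
    bad = []
    for rel, expected in manifest.items():
        p = root / rel
        if not p.exists() or sha256_file(p) != expected:
            bad.append(rel)
    return bad


def demo() -> dict:
    """Build once with a clean toolchain, tamper it, build again, and run the
    integrity check both times. The developer's source never changes."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        manifest = make_toolchain(root)
        src = b"int main(void) { return rt_init(); }\n"  # constructed, clean source
        clean = build(root, src)
        before = verify_toolchain(root, manifest)
        tamper_toolchain(root)
        poisoned = build(root, src)
        after = verify_toolchain(root, manifest)
        return {
            "clean_has_payload": PAYLOAD_MARKER in clean,
            "poisoned_has_payload": PAYLOAD_MARKER in poisoned,
            "verify_before": before,
            "verify_after": after,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The manifest-and-hash check is the toy version of what a developer should do with a real toolchain: verify the installer or application bundle against the vendor’s signature rather than against wherever it was downloaded from. For Xcode specifically, Apple’s documented check at the time was to run `spctl --assess --verbose /Applications/Xcode.app` and confirm the source reported is Apple’s, not an unsigned or third-party one.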