Well, this is kind of a mess.
Research associate Palo Alto Networks has posted an analysis of a novel malware, XcodeGhost, that modifies the Xcode IDE to infect Apple iOS apps. The report mentions that at least two popular iOS apps were infected. We now believe many more popular iOS apps have been infected, including WeChat, one of the most popular IM applications in the world.
The malware itself seems to stem from the fact that some iOS developers use crowd-sourcing techniques, which makes their apps more vulnerable.
At last count, roughly 39 iOS apps were infected, some of which are extremely popular in China and in other countries around the world, with hundreds of millions of users.
The infected iOS apps include IMs, banking apps, mobile carrier apps, maps, stock trading apps, SNS apps, and games. Among the more well-known apps are WeChat; Didi Chuxing, a popular Uber-like app used in China; Railway 12306, the only official app used for purchasing train tickets in China; China Unicom Mobile Office, which is in use by the biggest mobile carrier in China; and Tonghuashun, one of the most popular stock trading apps.
Some apps are also available from the App Store in other countries. For example, CamCard, developed by a Chinese company, is the most popular business card reader and scanner in many countries around the world (including the US). WeChat is the most popular IM app not only in China but also in many countries and regions in Asia Pacific. Version 6.2.5 of WeChat is the one we have verified to be infected. Tencent has updated it to 6.2.6, which removed the malicious code.
Palo Alto Networks is cooperating with Apple on the issue.
Stay tuned for additional details as they become available.