Researchers working with the CIA reportedly said in the past that they had modified Apple's Xcode for similar purposes

Sep 21, 2015 17:38 GMT  ·  By

As discovered by Palo Alto Networks on September 17, 2015, a modified version of Apple's Xcode integrated development environment (IDE) has been used by a number of Chinese developers who, without knowing it, shipped a piece of compiler malware named XcodeGhost inside the iOS apps they built with it.

Even though Apple kept silent about the problem for a while, yesterday it confirmed that around 300 malware-ridden iOS apps have been removed from the App Store.

Apple's Christine Monaghan said in an e-mail to The Guardian that “We’ve removed the apps from the app store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

Where does the CIA come in? The Intercept reported on March 10, 2015, on a secret annual gathering at which security researchers who work with the Central Intelligence Agency share their latest discoveries; some of the researchers present at the conference said they had created a modified Xcode version capable of adding backdoors to any app an iOS developer compiled with it.

Moreover, the iOS applications built with the malicious Xcode IDE would also be able to steal passwords from the devices they run on and to send data to a command center of the attackers' choice.

As disclosed in The Intercept's report, "It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode."

The resemblance between the iOS malware described by CIA researchers and XcodeGhost is eerie, to say the least

The malware the CIA security researchers described has capabilities very similar to those of XcodeGhost and, to make it even more uncanny, the way it would infect iOS apps, by compromising the compiler rather than the app's own source, also matches the one used by XcodeGhost.

The Intercept's one open question about a CIA-built piece of compiler malware, namely how one would get iOS developers to use a malicious Xcode build to infect their own apps, has been answered by the discovery of XcodeGhost. The only question left on the table is whether the CIA would actually be capable of sabotaging one of its country's biggest companies in such a straightforward and malevolent manner.

We should also mention that a few days ago, as discovered by PixelsTech, an anonymous GitHub user published a repository supposedly containing XcodeGhost's source code, with a description claiming that the malware was never meant to steal private information from iOS users. Instead, the description says, XcodeGhost was designed to prove that Xcode's configuration files can be modified so that custom code is loaded into every app it builds.

Keep in mind, though, that the only reason this happened is the very long time it takes developers in China to download and install a copy of Xcode from Apple's official servers.

The malicious Xcode installers were distributed via Baidu's cloud-based file sharing service, a far more convenient and faster way to obtain Xcode for a developer located in China.
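A developer who obtained Xcode from a mirror rather than from Apple has one cheap way to find out whether the bundle is the genuine, Apple-signed one: let Gatekeeper and the code-signing tools assess it. The script below is an added example written for this article, not code from the article, from Apple or from Palo Alto Networks. It assumes macOS with the standard `spctl` and `codesign` tools, an Xcode bundle at `/Applications/Xcode.app` (overridable through the assumed `XCODE_APP` variable), and the function names `xcode_source_trusted` and `check_xcode_bundle`, which are this example's own; the `source=` values it accepts are the ones Gatekeeper prints for Apple-signed software.

```shell
#!/bin/sh
# Added example (not from the article, Apple or Palo Alto Networks): verify that
# an installed Xcode bundle is signed by Apple and has not been modified.
# Assumptions: macOS, the system tools `spctl` and `codesign`, and an Xcode
# bundle at $XCODE_APP (defaults to /Applications/Xcode.app).

XCODE_APP="${XCODE_APP:-/Applications/Xcode.app}"

# Classify the output of `spctl --assess --verbose`. Gatekeeper prints a verdict
# ("accepted" or "rejected") followed by the signing source. For a compiler only
# Apple-signed origins are acceptable; "Developer ID" or an unsigned bundle is not.
# Returns 0 for a trusted source, 1 otherwise.
xcode_source_trusted() {
    case "$1" in
        *"accepted"*"source=Mac App Store"*) return 0 ;;
        *"accepted"*"source=Apple System"*)  return 0 ;;
        *"accepted"*"source=Apple")          return 0 ;;
        *)                                   return 1 ;;
    esac
}

# Run the real checks on a bundle path. Returns 0 if the bundle is intact and
# accepted from an Apple source, 1 if it is modified or untrusted, 2 if the
# verification tools are not available (for instance on a non-macOS host).
check_xcode_bundle() {
    app="$1"
    if ! command -v spctl >/dev/null 2>&1 || ! command -v codesign >/dev/null 2>&1; then
        echo "spctl/codesign not available; cannot verify $app" >&2
        return 2
    fi
    # --deep walks every nested binary, framework and plug-in inside the bundle,
    # so an added or replaced framework breaks the seal even if the top-level
    # executable is untouched.
    if ! codesign --verify --deep --strict "$app" 2>/dev/null; then
        echo "$app: code signature invalid or bundle contents modified" >&2
        return 1
    fi
    verdict=$(spctl --assess --verbose "$app" 2>&1)
    if xcode_source_trusted "$verdict"; then
        echo "$verdict"
        return 0
    fi
    echo "$app: not accepted by Gatekeeper from an Apple source:" >&2
    echo "$verdict" >&2
    return 1
}

# Usage: XCODE_APP=/path/to/Xcode.app sh check_xcode.sh
# (the check only runs when the script is invoked directly under that name,
# so sourcing the file to reuse the functions does not trigger it).
if [ "${0##*/}" = "check_xcode.sh" ]; then
    check_xcode_bundle "$XCODE_APP"
fi
```

The signature check catches a bundle that was altered after Apple signed it; the Gatekeeper assessment catches a bundle that was re-signed by someone else or never signed at all. A copy that passes both is, as far as the signing chain goes, the copy Apple shipped, whichever server it was downloaded from.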

In the future, Apple might be able to avoid similar problems if it considered providing download servers in the various territories around the world where its developers are located.
