Even if its functionality is more reminiscent of analytics frameworks, it can still point iOS users to malicious websites

Sep 23, 2015 17:00 GMT

Even though it infected at least 476 iOS apps, XcodeGhost's capabilities aren't as dangerous as previously thought, with adware being the closest description to reality.

XcodeGhost is better described as adware because it doesn't include the toolset needed to steal personal information such as passwords or contacts from the iOS devices where it was installed, as Andreas Weinlein from Appthority states in a blog post.

Therefore, iOS users who downloaded apps infected with XcodeGhost on their devices should simply remove all traces of those apps from their phones and secure their data for their peace of mind.

Moreover, if they don't have the time to check whether any of the apps on their iOS device are on a list of XcodeGhost-affected apps, they should just wait to be notified about such malicious apps, as Apple promised it would do in a support article published yesterday.

According to Appthority, and as Apple emphasized, XcodeGhost only collects various bits of info about the device, nothing more than the usual device identifiers that the tracking frameworks included in a large number of iOS apps would collect.

All the data it collects is then sent to a remote server, just like in the case of a run-of-the-mill analytics framework.

Although seemingly harmless, XcodeGhost is still capable of malicious behavior

The tricky part is that iOS applications infected with XcodeGhost can also open custom URLs, and nothing guarantees that the websites they open this way aren't malicious ones.

For instance, if the opened website mimicked one of Apple's websites and asked the user to log in using an Apple ID to confirm their identity, a large percentage of users might unknowingly give out their login credentials without second-guessing themselves even for a moment.

Until Apple decides to publish the actual list of XcodeGhost-infected iOS apps, users should make sure that they have all their apps updated and that they change their Apple ID passwords to be free of worries.