XcodeGhost is malware, first identified in mid-2015, that affects both iOS and Mac OS X. It is the first compiler malware on OS X. The malicious code was repackaged into some versions of the installer for Xcode, Apple's official tool for developing apps for iOS and OS X. The malicious installers were uploaded to Baidu's cloud file-sharing service, which is used by Chinese iOS and OS X developers. XcodeGhost successfully infected multiple iOS apps, at least two of which were submitted to and accepted into the App Store. Its main objective is to gather information on the device and upload it to the C2 servers.


September 2015: 39 iOS apps, including WeChat, are infected with XcodeGhost, affecting hundreds of millions of users. (Palo Alto Networks)

September 2015: More details on XcodeGhost and how to stop the attack. (Palo Alto Networks)

Technical Details

Palo Alto Networks provides technical details on XcodeGhost here.
