A total of 4,000 iOS applications are now infected by the XcodeGhost malware. (Photo : Facebook)
A total of 4,000 iOS applications are now infected by the XcodeGhost malware, where 39 infected apps were initially reported on Sept. 18, Friday.
In the malware report released on Sept.22, Tuesday, by security research firm FireEye, the real number of iOS trojanized apps had already amounted to 4,000 after another security company Palo Alto Networks reported last week that there are only 39 infected apps.
Apparently, most of the infected apps belong to well-known Chinese brands. According to The Register, a FireEye spokesperson reportedly stated in Vulture South that the "big Chinese global brands" with the trojanized apps include telecommunication companies and banks.
For now, the security company is yet to disclose the names of the prominent infected apps.
Meanwhile, Apple continues to extend all efforts to get rid of the malicious apps that was originally uploaded in the App Store.
Dubbed as XcodeGhost by security researchers, the malware version of the iOS development tool made its way to popular developer forums on Friday. According to PC World, security malware firms confirmed that the said apps breached its way to the iOS system by attaching to other applications; thus hiding its real function to steal user information.
Based on security firm reports, users were tricked into believing that the XcodeGhost is a faster means to download the original 3GB Xcode development file.
Back then, critics lauded the security of iOS apps from that of Android's. Notably, iOS apps required a rigorous application validation process before they are officially uploaded to the App Store. However, sources reported that this was the first time that the security scheme fall short for malware detection which also drew future security implications on iOS apps.
Meanwhile, security companies warned users to be wary of their app downloads for now because their research teams continue to identify more infected apps. In addition, FireEye researchers confirmed that the infection is also manifesting itself through unencrypted hypertext transfer protocol or HTTP sessions.
