Remove XcodeGhost malware (Xcode Ghost) from infected iOS device

Follow the instructions step by step to stop the troublesome web traffic rerouting by removing the malware that causes it.

XcodeGhost has been in the news a lot lately, which is natural because it is believed to be the most sophisticated and massive attack against App Store users. The fraudsters have come up with a method to affect several parties involved in application-making, distribution and use in one shot. Most of the contamination reports have been coming from China, as the malicious code was prevalently injected into apps that are popular in that country. These include WeChat, Didi Kuaidi, CamScanner, China Unicom Mobile Office, Angry Birds 2 and many more. The exact total is unknown at this point, with estimates ranging from 30 to 300. In any event, given the cumulative user base that's potentially subject to this compromise, millions of iPhone and iPad users might be in trouble.

The attack was made possible by wrong choices on the part of iOS app creators. Instead of sticking to the official version of the Xcode integrated development environment, some authors would download and use a re-engineered variant, known as XcodeGhost, from the cloud file sharing service provided by Baidu. The reasons for this decision should probably be viewed in the context of Internet connection speed and bandwidth in some parts of China, where developers prefer downloading a smaller file over a certified big one. Consequently, all apps built and compiled with the spoofed IDE pose a potential risk to anyone downloading them.
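For developers, the practical check is whether the Xcode copy on the build machine is an official one. The following is an added example, not part of the original article: it classifies the output of macOS's Gatekeeper assessment tool, spctl, for an Xcode bundle. The function names are hypothetical, and the three accepted source values are assumed from Apple's published guidance on validating Xcode.

```sh
#!/bin/sh
# Added example (not from the original article). Classifies the text printed by
#   spctl --assess --verbose /Applications/Xcode.app
# Prints one word: trusted | untrusted | unknown

classify_spctl() {
    _verdict=""; _source=""
    while IFS= read -r _line; do
        case "$_line" in
            *": accepted"*) _verdict=accepted ;;
            *": rejected"*) _verdict=rejected ;;
        esac
        case "$_line" in
            *source=*) _source=${_line##*source=} ;;
        esac
    done <<EOF
$1
EOF
    # No verdict line at all (tool error, missing bundle): cannot decide
    [ -n "$_verdict" ] || { echo unknown; return 0; }
    [ "$_verdict" = accepted ] || { echo untrusted; return 0; }
    # Accepted by Gatekeeper, but only Apple's own channels count as official
    # (assumed values, per Apple's guidance on validating Xcode)
    case "$_source" in
        "Mac App Store"|"Apple"|"Apple System") echo trusted ;;
        *) echo untrusted ;;
    esac
}

# check_xcode [PATH]: run the assessment and exit 0 only for an official copy
check_xcode() {
    _app=${1:-/Applications/Xcode.app}
    command -v spctl >/dev/null 2>&1 || { echo unknown; return 2; }
    # Capture both streams, since the assessment may be written to stderr
    _out=$(spctl --assess --verbose "$_app" 2>&1)
    _result=$(classify_spctl "$_out")
    echo "$_result"
    [ "$_result" = trusted ]
}
```

A copy that Gatekeeper accepts under any other source, such as a third-party Developer ID, is still reported as untrusted, because it did not come from Apple.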

When the tampered version of WeChat, CamScanner or another affected app ends up on an iOS device, it acts in a malicious fashion while looking perfectly normal on the outside. These applications harvest information about the device, including the network type, the UUID, device name, language and country. The collected details get encrypted and uploaded to the criminals' C&C. Although the privileges needed to access this sort of data are fairly common for the average iOS app, things may go awry if the info goes into the wrong hands. One of the most disturbing characteristics of the malware is its ability to read data stored in the clipboard, making the danger of sensitive information theft real, in particular when a password management tool is used on the device.

The countermeasures for XcodeGhost attack are pretty simple. First off, the iOS user should find out if their installed apps are infected – an automatic scanning solution can do the trick. Secondly, all apps flagged ‘malicious’ are to be uninstalled as soon as possible. The products can be reinstalled later on, once the healthy versions become available.


Get rid of XcodeGhost virus using Freshmac automatic removal tool

When confronted with malicious code like the XcodeGhost on Mac, you can neutralize its toxic impact by leveraging a specially crafted system utility. The Freshmac application is a perfect match for this purpose as it delivers essential security features along with must-have modules for Mac optimization.

This tool cleans unneeded applications and persistent malware in one click. It also protects your privacy by eliminating tracking cookies, frees up disk space, and manages startup apps to decrease boot time. On top of that, it boasts 24/7 tech support. The following steps will walk you through automatic removal of the XcodeGhost infection.

1. Download the Freshmac installer onto your machine. Double-click the Freshmac.pkg file to trigger the installer window, select the destination disk and click Continue. The system will display a dialog asking for your password to authorize the setup. Type the password and click Install Software.

2. Once the installation has been completed, Freshmac will automatically start a scan consisting of 5 steps. It scans cache, logs, unused languages, trash, and checks the Mac for privacy issues.

3. The scan report will then display your current system health status and the number of issues detected for each of the above categories. Click the Fix Safely button to remove junk files and address privacy issues spotted during the scan.

4. Check whether the XcodeGhost virus has been fixed. If the lock screen is still there, go to the Uninstaller option in the Freshmac GUI. Locate an entry that appears suspicious, select it and click the Fix Safely button to force-uninstall the unwanted application.

5. Go to the Temp and Startup Apps panes on the interface and have all redundant or suspicious items eliminated as well. The XcodeGhost fraud shouldn't be causing any further trouble.

