Middlebury ITS Information Security is currently investigating indications that members of the Middlebury community are using iOS apps infected with the recently discovered XCodeGhost malware.

XCodeGhost-infected apps can potentially steal private information and even launch phony authentication dialogues that can be used to attempt to steal usernames and passwords. Despite this capability, no information has yet come to light indicating that the infected apps were used for malicious purposes, such as harvesting personally identifiable information or stealing passwords

The majority of the XCodeGhost-infected apps were authored by Chinese developers who were tricked into downloading fake Apple development libraries. Therefore, the greatest impact of the XCodeGhost appears to be in China.  Some apps have been identified, however, that have world-wide use, including WeChat, Baidu, and others.

If you have an iOS device, our recommendation is that you remove from the device any apps known to be compromised with XCodeGhost. Download and reinstall the app from the Apple App Store once a fixed version has been made available.

A list of known bad apps can be found here: http://www.apple.com/cn/xcodeghost/#english

Additional details on XCodeGhost can be found here: https://labs.opendns.com/2015/09/21/xcodeghost-materializes/

Questions regarding this security alert may be directed to infosec@middlebury.edu.