Update 1: The list of apps has now been updated with apps identified by Dutch security company Fox-IT. The company is reporting seeing malware traffic from the apps in Europe.

Update 2: Rovio has advised that only the version of Angry Birds 2 in the Chinese App Store was affected.

I wish to clarify that Rovio can confirm that only the Chinese build of Angry Birds 2 — available only on the App Store in Mainland China, Taiwan, Hong Kong and Macau — is vulnerable to the security issue. All other builds of Angry Birds 2 available in other countries are completely safe and secure. An update of Angry Birds 2 for customers in Mainland China, Taiwan, Hong Kong and Macau that fixes the issue is coming very shortly.

After yesterday’s revelation that hundreds of iOS apps on the App Store had been infected by malware, security company Palo Alto Networks has posted a list of some of the affected apps – which include Angry Birds 2.

The apps were infected by a fake copy of Xcode dubbed XcodeGhost, unwittingly downloaded by Chinese developers in place of the real thing. It’s believed they downloaded the fake from local servers because it took too long to download the original from Apple’s own servers. It’s not yet known why Apple’s own checks did not detect the malware when apps were submitted to the App Store.

It’s been suggested that over 300 apps are infected, with 31 of them so far identified (list below) … 

  • Angry Birds 2
  • CamCard
  • CamScanner
  • Card Safe
  • China Unicom Mobile Office
  • CITIC Bank move card space
  • Didi Chuxing developed by Uber’s biggest rival in China Didi Kuaidi
  • Eyes Wide
  • Flush
  • Freedom Battle
  • High German map
  • Himalayan
  • Hot stock market
  • I called MT
  • I called MT 2
  • IFlyTek input
  • Jane book
  • Lazy weekend
  • Lifesmart
  • Mara Mara
  • Marital bed
  • Medicine to force
  • Micro Channel
  • Microblogging camera
  • NetEase
  • OPlayer
  • Pocket billing
  • Poor tour
  • Quick asked the doctor
  • Railway 12306 the only official app used for buying train tickets in China
  • SegmentFault
  • Stocks open class
  • Telephone attribution assistant
  • The driver drops
  • The Kitchen
  • Three new board
  • Watercress reading
  • WeChat

Although it’s unclear whether U.S. and European app stores have been affected, the safest course if you have any of the apps installed is to delete them and then download again from the App Store as and when available. Apple says that it has removed all the infected versions and is working with developers to get clean versions uploaded in their place.

Interestingly, a Snowden leak from the CIA’s internal wiki system suggested that the agency had considered using a modified version of Xcode as an attack vector.

Via Business Insider