Rumors on the Internet are now linking the XcodeGhost-based attack to operations conducted by the CIA (Central Intelligence Agency).

XcodeGhost is used by hackers to take over the victim’s mobile device; it is able to steal credentials, hijack the user’s traffic, and steal iCloud passwords from the device.

The attack method implemented by XcodeGhost is similar to the one developed by experts at the Central Intelligence Agency (CIA), which was reported by The Intercept in March 2015.

The report published by The Intercept is based on documents leaked by Edward Snowden. It described the effort of US intelligence to exploit Xcode as an infection vector. US intelligence was able to use it to establish a backdoor into iOS apps, avoiding any control.

Every app built with the bogus version of Xcode was able to spy on users.

“The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store. The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.” states an excerpt from the report published by The Intercept.

The description matches the XcodeGhost attack. Of course, these are just assumptions, but many security experts consider the entire story plausible.

Pierluigi Paganini

(Security Affairs – XCodeGhost Attack, Apple)