virus logo Mobile Virus

iOS/XcdGhost.A!tr

description-logoAnalysis

  • This detection is for a malware which was discovered to have been affecting iOS devices.
  • Based on some reports, the malware is distributed through an infected/modified versions of the popular iOS apps development kit XCode.
  • China appears to be the most affected region where the infected development kit was originated.
  • Below are a few of the possible affected iOS apps:
    • Lifesmart 1.0.44
    • CamScanner
    • CamCard v6.5.1
    • SegmentFault 2.8
    • OPlayer 2.1.05
    • WinZip
    • Musical.ly
    • PDFReader
    • guaji_gangtai en
    • Perfect365
    • PDFReader Free
    • WhiteTile
    • IHexin
    • WinZip Standard
    • MoreLikers2
    • CamScanner Lite
    • MobileTicket
    • iVMS-4500
    • OPlayer Lite
    • QYER
    • golfsense
    • ting
    • golfsensehd
    • Wallpapers10000
    • CSMBP-AppStore
    • MSL108
    • ChinaUnicom3.x
    • TinyDeal.com
    • snapgrab copy
    • iOBD2
    • PocketScanner
    • CuteCUT
    • AmHexinForPad
    • SuperJewelsQuest2
    • air2
    • InstaFollower
    • CamScanner Pro
    • baba
    • WeLoop
    • DataMonitor
    • MSL070
    • nice dev
    • immtdchs
    • OPlayer
    • FlappyCircle
    • BiaoQingBao
    • SaveSnap
    • WeChat
    • Guitar Master
    • jin
    • WinZip Sector
    • Quick Save
    • CamCard v.6.5.1


    • recommended-action-logoRecommended Action

    • Make sure that your FortiGate/FortiClient system is using the latest AV database.
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.

    Telemetry logoTelemetry

    Detection Availability

    FortiClient
    Extreme
    FortiMail
    Extreme
    FortiSandbox
    Extreme
    FortiWeb
    Extreme
    Web Application Firewall
    Extreme
    FortiIsolator
    Extreme
    FortiDeceptor
    Extreme
    FortiEDR

    Version Updates

    Date Version Detail
    2021-08-25 88.00629
    2020-08-19 79.74500
    ID 6893875
    Released Sep 21, 2015
    Description
    Updated    		 Sep 23, 2015
    Aliases iPh/XcdGhost-A, Gen:Variant.Trojan.MAC.OSX.XcodeGhost.1, iOS/XcodeGhost.A, HEUR:Trojan.OSX.XcodeGhost.a,
    Platform Profile iOS platform