Threat Encyclopedia

iOS/XcdGhost.A!tr

Analysis


  • This detection is for malware that was discovered affecting iOS devices.
  • According to some reports, the malware is distributed through infected/modified versions of Xcode, the popular iOS app development kit.
  • China, where the infected development kit originated, appears to be the most affected region.
  • Below are a few of the possibly affected iOS apps:
    • Lifesmart 1.0.44
    • CamScanner
    • CamCard v6.5.1
    • SegmentFault 2.8
    • OPlayer 2.1.05
    • WinZip
    • Musical.ly
    • PDFReader
    • guaji_gangtai en
    • Perfect365
    • PDFReader Free
    • WhiteTile
    • IHexin
    • WinZip Standard
    • MoreLikers2
    • CamScanner Lite
    • MobileTicket
    • iVMS-4500
    • OPlayer Lite
    • QYER
    • golfsense
    • ting
    • golfsensehd
    • Wallpapers10000
    • CSMBP-AppStore
    • MSL108
    • ChinaUnicom3.x
    • TinyDeal.com
    • snapgrab copy
    • iOBD2
    • PocketScanner
    • CuteCUT
    • AmHexinForPad
    • SuperJewelsQuest2
    • air2
    • InstaFollower
    • CamScanner Pro
    • baba
    • WeLoop
    • DataMonitor
    • MSL070
    • nice dev
    • immtdchs
    • OPlayer
    • FlappyCircle
    • BiaoQingBao
    • SaveSnap
    • WeChat
    • Guitar Master
    • jin
    • WinZip Sector
    • Quick Save
    • CamCard v.6.5.1


Recommended Action

    • Make sure that your FortiGate/FortiClient system is using the latest AV database.
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.