![\"rotten-apple-image\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/02\/rotten-apple-image.jpg\")
<\/p>\n<\/p>\n
The Apple security team has been on high alert following news of the XcodeGhost malware impacting about 39 iOS apps on the App Store, which were made with an unofficial Xcode version. Xcode<\/a> is the\u00a0tool developers use to create OS X and iOS apps.<\/p>\n Apple confirmed on Sunday that a tool used by app developers for iOS devices was copied and modified by hackers to put malicious code into apps available on the App Store, according to The New York Times<\/a>.<\/p>\n Most software developers for iOS and OS X will use Apple’s Xcode library, but as noted by Graham Cluley<\/a>, some\u00a0developers can download it from elsewhere on the Internet, which comes fraught with risks.<\/p>\n Apple spokesperson, Christine Monaghan, told news outlets the fake developer code \u201cwas posted by untrusted sources,\u201d and that Apple has removed the apps from the App Store that it knows have been created with the malicious code.<\/p>\n On iOS devices with the infected apps, security researchers found that the malicious code uploads the device information and app information to its command and control server (C&C).<\/p>\n The malicious code is capable of receiving commands from the attacker through the C&C server to perform a number of actions, including opening particular websites designed to infect the device with more malware, and prompting phishing popup screens that ask potential victims for personal information, such as passwords to their Apple or iCloud accounts.<\/p>\n \u201cSince the [phishing] dialogue is a prompt from the running application, the victim may trust it and input a password without suspecting foul play, \u201c Palo Alto Networks said in its blog post<\/a>.<\/p>\n