Threat description




Backdoor:iPhoneOS/XCodeGhost identifies iOS apps that include code introduced when the software was created using a maliciously-modified version of the Xcode app creation framework.


Automatic action

Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

More scanning & removal options

More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

In late September 2015, security researchers discovered apps containing malicious code were being offered in the iOS App Store. Further investigation revealed that the apps had been unknowingly created by legitimate developers using a version of the popular Xcode app creation platform that had been modified to silently introduce code into the programs it was used to create. The trojanized Xcode software had been distributed by the attackers on forums that developers often frequented.

Once installed on a user's device, the code-tainted apps were able to read and alter information on the device, as well as silently sending data to remote servers. The majority of the affected users were reportedly from China, though researchers have noted that affected apps were downloaded in other regions as well.

Following news of the discovery, the compromised apps were removed from the App Store.

For more information about the incident, see:

Submit a Sample

Suspect a file or URL was wrongly detected? Send it to our Labs for further analysis

Submit a Sample

Scan & Clean Your PC

F-Secure Online Scanner will scan and clean your PC in just a few minutes for free

More Info