
Apple is taking steps to prevent tainted apps from making their way onto the App Store. This includes making it easier for Chinese developers to download its official app tools from Chinese domestic servers, Phil Schiller, Apple senior vice president of marketing, told Chinese news agency

Schiller’s comments come two days after Apple acknowledged that several apps on its store were compromised by XcodeGhost -- a piece of malware that infected apps built by developers using a tainted version of Apple’s Xcode programming tools. Apple makes the tools freely available to developers through its Mac App Store. But some Chinese programmers turned to downloading Xcode from unofficial third-party sources, because download speeds were too slow from the company’s overseas servers, according to Reuters.

Developers then unknowingly published their infected apps, which were distributed through the App Store. Apple has already removed known infected apps from its store and it has set up a support page, where it will post a list of the 25 most popular apps affected by the malware.

“After the top 25 impacted apps, the number of impacted users drops significantly,” Apple’s support page reads. Messaging app WeChat and a Chinese version of “Angry Birds 2” were among the infected apps. Customers should delete the infected apps from their iPhone, iPad or iPod Touch until a clean version of the respective app is released.

Apple also outlined steps for developers to check that their version of Xcode is authentic and unmodified:

To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:

spctl --assess --verbose /Applications/

where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.

After the command is run, the tool will display one of three valid responses, depending on where Xcode was downloaded from.

Mac App Store

/Applications/ accepted

source=Mac App Store

Apple Developer Portal

“/Applications/ accepted



“/Applications/ accepted

source=Apple System”

If the tool displays any response other than “accepted,” or reports a source that is not Apple, developers should download a fresh copy of Xcode from the company's website.
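
As an added example (not Apple's code and not part of the original article), the check above can be scripted so that a build machine refuses to proceed unless spctl reports "accepted" together with an Apple source. The function names, exit codes and the ALLOWED_SOURCES variable are assumptions of this example, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not Apple's tooling. Source values trusted by default are the
# two visible on this page; its third response is incomplete, so extend
# ALLOWED_SOURCES ('|'-separated) rather than trusting a guess.
ALLOWED_SOURCES="${ALLOWED_SOURCES:-Mac App Store|Apple System}"

# check_spctl_output TEXT -> exit status
#   0 accepted and source is allowed     1 verdict missing or not "accepted"
#   2 accepted, but source not allowed   3 accepted, but no source= line
check_spctl_output() {
    out=$1
    # Verdict line ends in "accepted" or "rejected"; take the first one.
    verdict=$(printf '%s\n' "$out" | grep -E '(accepted|rejected)$' | head -n 1)
    source_val=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case $verdict in
        *accepted) ;;
        *) return 1 ;;
    esac
    [ -n "$source_val" ] || return 3
    case $source_val in
        *'|'*) return 2 ;;   # a value containing the separator is never allowed
    esac
    case "|$ALLOWED_SOURCES|" in
        *"|$source_val|"*) return 0 ;;
    esac
    return 2
}

# verify_xcode PATH: run the command from the page and fail closed.
# 2>&1 captures the assessment whichever stream spctl writes it to.
verify_xcode() {
    out=$(spctl --assess --verbose "$1" 2>&1) || true
    check_spctl_output "$out"
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_OK='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_UNTRUSTED='/Applications/Xcode.app: accepted
source=Developer ID'
SAMPLE_REJECTED='/Applications/Xcode.app: rejected
source=no usable signature'
```

In a build script, call verify_xcode with the path to the installed copy and stop the build on any non-zero status.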

While Apple is expected to post the top 25 infected apps on its site, hundreds of apps may be affected by XcodeGhost, according to security companies such as Palo Alto Networks and Qihoo 360.