Yesterday we posted an analysis report on a novel malware, XcodeGhost, that modifies the Xcode IDE to infect Apple iOS apps. In the report, we mentioned that at least two popular iOS apps were infected.

We now believe many more popular iOS apps have been infected, including WeChat, one of the most popular IM applications in the world. After we posted the report, some security companies, such as Qihoo 360, scanned popular apps in the App Store by code analysis, and some iOS developers analyzed more apps using crowd-sourcing techniques. Several Internet companies, such as Tencent, NetEase, and Jianshu, have made statements on their respective affected products. We checked these apps and list them below in this report.

Among the more well-known apps are WeChat (developed by Tencent); Didi Chuxing (developed by Didi Kuaidi), the most popular Uber-like app in China; Railway 12306, the only official app used for purchasing train tickets in China; China Unicom Mobile Office, which is in use by the biggest mobile carrier in China; and Tonghuashun, one of the most popular stock trading apps.

Version 6.2.5 of WeChat is what we have verified to be infected. Tencent has updated to 6.2.6, which removed the malicious code.

Some apps are also available from the App Store in other countries. For example, CamCard, developed by a Chinese company, is the most popular business card reader and scanner in many countries (including the US) around the world. WeChat is the most popular IM app not only in China but also in many countries or regions in Asia Pacific. WeChat has the reputation of being the ‘super app’ that does everything in China.

Palo Alto Networks is cooperating with Apple on the issue, and we also suggest all iOS developers be aware and take necessary actions.

The infected apps and versions we have verified are listed below:

网易云音乐 2.8.3
微信 (WeChat) 6.2.5
讯飞输入法 5.1.1463
滴滴出行 (Didi Chuxing) 220.127.116.11-18.104.22.168
滴滴打车 22.214.171.124 – 3.9.7
铁路12306 (Railway 12306) 4.5
下厨房 4.3.2
51卡保险箱 5.0.1
中信银行动卡空间 3.3.12
中国联通手机营业厅 (China Unicom Mobile Office) 3.2
高德地图 7.3.8
简书 2.9.1
开眼 1.8.0
Lifesmart 1.0.44
网易公开课 4.2.8
马拉马拉 1.1.0
药给力 1.12.1
喜马拉雅 4.3.8
口袋记账 1.6.0
同花顺 (Tonghuashun) 9.60.01
快速问医生 7.73
懒人周末
微博相机
豆瓣阅读
CamScanner
CamCard v6.5.1
SegmentFault 2.8
炒股公开课
股市热点
新三板
滴滴司机
OPlayer 2.1.05
电话归属地助手 3.6.5
愤怒的小鸟2 2.1.1
夫妻床头话 1.2
穷游 6.6.6
我叫MT 5.0.1
我叫MT 2 1.10.5
自由之战 1.1.0

Fox-IT (fox-it.com), a Netherlands-based security company, checked all C2 domain names from our reports in their network sensors and has found thousands of instances of malicious traffic outside China.