I just came across an article on Reddit about some iOS malware called XcodeGhost that has affected many apps in Apple's Chinese App Store. After reading more about it, I thought it was pretty incredible how the attackers had pulled this off. As the name might imply, the malware did not reach iOS devices because the devices themselves were hacked; rather, it was the Xcode versions used by the developers of legitimate apps that were hacked! Basically, some devs were using hacked Xcode versions that had been secretly edited to inject code into a legitimately signed app, which somehow managed to go undetected in the App Store approval process. Here is the story.