Pangu’s tool to check iOS apps for XcodeGhost malware on jailbreak

// March 4, 2016

Jailbreaked devices like iPhone 6, iPad Air 2 can get infected with an maleware Appstore after a malicious program was found in applications of iPad and iPhone owners located in China. According to the US tech, the apps affected have been removed from Appstore but the people still using the apps may still be affected.


It has been reported that the XcodeGhost malware has affected numerous legitimate apps in the Chinese Appstore. 76 popular apps are affected which includes WeChat, Didi Chixung, Angry Birds 2, NetEase, Micro Channel and more.

This attack originated from malicious code embedded in the apps by unknowing developers. The XcodeGhost program has a malware to forged version of Apple’s software before being sold onto developers. China-based developers chose to use counterfeited version because software downloads much faster in servers from China. This kind of attack has nothing Apple has experienced before.

The Pangu Team, popular Chinese jailbreak developer, has cooperated with Ucloud and has released a tool to find out if any of iOS apps are infected with XcodeGhost. It was mentioned that more than 360 iOS apps and more than 500 million users are affected with this problem.

How To Check If Your Device Is Affected By XcodeGhost Malware?

If you are still unconvinced and want to check if any of your iOS apps are infected by XcodeGhost malware, follow this step by step instructions.

Step 1: Go to Pangu site using your mobile browser, Chrome or Safari.

Step 2: Go to XcodeGhost malware checking tool page.

Step 3: Click the blue button with white words 立即下to start the installation of the tool.


Step 4: When the prompt message appears, click Install.


Step 5: After installing the app, launch it. A prompt message will appear saying that this enterprise app does not trust your phone “Untrusted Enterprise Developer”.


Step 6: Go to Settings App, select General then scroll down to Profiles.

Step 7: In Profiles, you will see a name Shenzhen Avaintel Technology Co., Ldt. Simply tap it and press the Trust button when a message appears.

Step 8: Go back to your Homescreen and launch the XcodeGhost malware checking tool.

Step 9: Press the button 击检测Xcode病毒 in the middle and it will start to check. If your device is not affected, you will be able to see a big green tick. But if you see otherwise, it will advise you to temporarily remove the app from your device until the developers are able to fix the problem.

Some Apps that are infected:


  • WeChat
  • DiDi Taxi
  • 58 Classified – Job, Used Cars, Rent
  • Gaode Map – Driving and Public Transportation
  • Railroad 12306
  • Flush
  • Dark Dawn – Under the Icing City
  • I Like Being With You*
  • Himalaya FM
  • CarrotFantasy*
  • Flush HD
  • Encounter – Local Chatting Tool
  • China Unicom Customer Service
  • CarrotFantasy 2: Daily Battle*
  • Miraculous Warmth
  • Call Me MT 2 – Multi-server version
  • One Piece – Embark
  • Let’s Cook – Receipes
  • Heroes of Order & Chaos
  • Angry Birds 2 – Yifeng Li’s Favorite*
  • Baidu Music – Music Player with Downloads, Ringtones, Music Videos, Radio & Karaoke
  • DuoDuo Ringtone
  • NetEase Music – An Essential for Radio and Song Download
  • Foreign Harbor
  • Battle of Freedom

This are the apps list that are affected for iOS 9, if you have a simple Safari browser popup saying you’re infected with a vrius/malware. Checkout fake Safari popup virus


Leave a Reply