[chvid]

I don't read Chinese but this reads very sensational. For example it says not to download WeChat at all while its sources seem to say it is only an older version that is affected.

The sources seems to be tweet-like forum postings.

Think about it. If Facebook had their releases infected by a virus - what would be needed to convince the world?

It would either require Facebook to officially acknowledge it or have someone do an explicit reproducable analysis of a release.

I.e. this particular version 6.23 of Messenger, signed by Facebook, that you can download here, does sends user information, under these circumstances, to this address which it is clearly not a part of Facebook but belongs to this malicious compiler virus.

[chvid]

I can now see that the developers of WeChat Tencent have acknowledge that a release of theirs has been infected:

http://security.tencent.com/index.php/blog/msg/96

Wrt. to this github:

https://github.com/XcodeGhostSource/XcodeGhost

As far as I can see what this code does is that it sends some basic user information to an external website and it may popup an alert window or open Safari or other apps based on the response of that external website.

It is not a compiler virus and there is nothing on how you can modify an XCode release to add the above into other developers' apps.

[MacsHeadroom]

>It is not a compiler virus

Nobody said it was. Modifying a compiler to inject XcodeGhost is simple assembly work. Almost anyone could figure it out in an afternoon.

Multiple independent security organizations are reporting that the modified XCode release was shared via a filesharing site in China. That is how so many Chinese iOS developers came across it.

The version of XcodeGhost on github is a harmless version posted by the original author. The actual compiled code being found in the wild has malicious abilities not found in the code in that GitHub repo.