Android has always received flak for being less secure and more prone to attack from malware when compared to iOS. Recently, with the discovery of Stagefright exploit, the poor security of Android’s ecosystem were highlighted once again.

Apple users were quick to point out that the iOS ecosystem is significantly more secure and there has been no major malware attack on the ecosystem over the last few years.

Over the last few days though, a major malware called ‘XcodeGhost’ was found affecting both iOS and OS X platforms. The malware is found inside more than 100+ iOS apps including the likes of WeChat and CamCard that affect potentially millions of iPhones and iPad users out there.

The malware can only steal some trivial device information and upload them to their central servers. More worryingly though, it is capable of receiving commands from hackers and show false login prompts that is potentially more dangerous. The malware infested apps made it to App Store even though Apple reviews every app before publishing it live for download.

XcodeGhost basically infects the Xcode compiler for OS X and iOS, which automatically leads to apps compiled by them being infected as well. The infected Xcode files were primarily downloaded by Chinese developers through Baidu, a file-sharing website in China, so it is not really Apple’s fault here that developers ended up using it. However, Apple is at fault for not the infected apps passing through its review system.

It is entirely possible that other kind of malware infected apps have been present in the iOS App Store since ages and secretly stealing user information.

So, the next time someone points you out that iOS is more secure than Android, be sure to point out to them that malware like XcodeGhost do exist for the ecosystem that put millions of iOS users at risk.