Apple’s App Store has seen a number of compromised apps being introduced, infected with the XcodeGhost malware. This was caused by developers, mostly in China, installing tweaked versions of Xcode, the app used to develop apps for iOS and OS X.
Apple has published instructions explaining how to validate your version of Xcode. As Apple says,
When you download Xcode from the Mac App Store, OS X automatically checks the code signature for Xcode and validates that it is code signed by Apple. When you download Xcode from the Apple Developer website, the code signature is also automatically checked and validated by default as long as you have not disabled Gatekeeper.
Whether you downloaded Xcode from Apple or received Xcode from another source, such as a USB or Thunderbolt disk, or over a local network, you can easily verify the integrity of your copy of Xcode.
If you’ve gotten Xcode from channels other than the Mac App Store or Apple’s Developer website, make sure to check your copy.
I followed Apple’s instructions, and I get this:
/Applications/Xcode.app: invalid resource directory (directory or signature have been modified)
I’m a bit curious about this. I downloaded my copy from the Mac App Store, and I don’t see how anything can be wrong with it…