I don't read Chinese but this reads very sensational. For example it says not to download WeChat at all while its sources seem to say it is only an older version that is affected.
The sources seems to be tweet-like forum postings.
Think about it. If Facebook had their releases infected by a virus - what would be needed to convince the world?
It would either require Facebook to officially acknowledge it or have someone do an explicit reproducable analysis of a release.
I.e. this particular version 6.23 of Messenger, signed by Facebook, that you can download here, does sends user information, under these circumstances, to this address which it is clearly not a part of Facebook but belongs to this malicious compiler virus.
As far as I can see what this code does is that it sends some basic user information to an external website and it may popup an alert window or open Safari or other apps based on the response of that external website.
It is not a compiler virus and there is nothing on how you can modify an XCode release to add the above into other developers' apps.
Nobody said it was. Modifying a compiler to inject XcodeGhost is simple assembly work. Almost anyone could figure it out in an afternoon.
Multiple independent security organizations are reporting that the modified XCode release was shared via a filesharing site in China. That is how so many Chinese iOS developers came across it.
The version of XcodeGhost on github is a harmless version posted by the original author. The actual compiled code being found in the wild has malicious abilities not found in the code in that GitHub repo.
On twitter, most of them are under #XcodeGhost[0].
Besides, the (alleged) author has put the source code on github[1].
0. https://twitter.com/hashtag/XcodeGhost?src=hash
1. https://github.com/XcodeGhostSource/XcodeGhost
Update 1: Add the source code of XcodeGhost