Share

Apple’s App Store suffers first major malware attack; WeChat among China

Apparently XcodeGhost shoehorned its way into the software developers use to create apps for iOS and Mac, called Xcode, fooling app creators into thinking it was the legitimate version of the program.

Advertisement

The attackers behind the malware created a modified, counterfeit version of Apple’s Xcode developer software and posted it online for developers to download and use.

The affected applications included the popular WeChat app, the vehicle hailing app Didi Kuaidi and a music downloading app.

Some of the affected apps – including the business card scanner CamCard – are also available outside China.

App Store finally got hacked. Prior to this attack, only five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc. Apple has always been boastful about the security of its software and app ecosystem as compared to Google’s Android.

A statement from Apple said the company had removed the virus and was working with developers to make sure it wouldn’t happen again.

The company has removed the apps from the store.

As of the time of the writing of the blog on Friday, Palo Alto Networks said 39 iOS apps were infected.

App Store of Apple’s is generally considered to be more secure than Google Play store, thanks to Cupertino’s rigorous approval process.

Ryan Olson, Palo Alto Networks Director of Threat Intelligence disclosed that Malware had restrained functionality and his company had stripped no citations of data theft or other danger as an effect of the attack on Apple. The Verge’s take: “XcodeGhost is worrying because it shows how legitimate developers can be used as a vector for malicious software, bypassing Apple’s code review”.

Commentators said it was the most serious attack yet on the iPhone maker, which prides itself on its security and that up to now has managed to restrict hackers to a handful of minor breaches.

Advertisement

A Forbes contributor says Apple’s large events motivate casual users to upgrade to the latest and most secure version of its software.

Hundreds of apps are reportedly affected