The Financial Times however said that Apple has not explained how the infected apps had got through its security screening for the App Store. Instead of downloading Xcode directly from Apple the third party downloads were altered such that malware was added onto apps with the altered Xcode, now called XcodeGhost.
Advertisement
According to Reuters, hackers duped developers into using a bad version of Apple’s Xcode app-development tools.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software”, Apple spokeswoman Christine Monaghan said.
Researchers stated contaminated apps included Tencent Holdings Ltd’s 0700.HK fashionable cellular chat app WeChat, automotive-hailing app Didi Kuaidi and a music app from Internet portal NetEase Inc.
According to Mixpanel, an analytics firm based in San Francisco, by Friday almost 24 percent of Apple product users had downloaded the new software.
A malicious program dubbed XcodeGhost has been embedded in hundreds of legitimate apps.
Until now, it was believed that only five apps in Apple’s history had ever succumbed to malware, but this has now changed in a rather big way. This flaw has been repaired and will not affect users who install or upgrade WeChat version 6.2.6 or greater, now available on the iOS App Store.
Following Apple’s launch of “Move to iOS” Android app on September 16, users affirm that the process of migrating data to an iPhone or iPad running on iOS 9 is relatively easy, albeit the loss of some data.
The app also transfers videos, calendars, message history and bookmarks.
WeChat, which has more than 500 million users, said its app was affected by the issue but that it had already fixed the problem earlier this month.
The most surprising thing about all this is that no one seems to point any fingers at the Cupertino tech giant, even though it was Apple’s decision to allow content blocking apps in the iOS App Store that started it all.
Advertisement
Palo Alto Networks has published what it says is a full list of the infected apps.
