Among the infected apps were Tencent’s WeChat app, the auto hailing app from Didi Kuaidi and the NetEase music download app as well as the business card scanner CamCard.
Advertisement
Because of that trick, the app publishers, themselves, didn’t know that they’re in fact distributing apps with malware. Apple advises all users to erase those apps or upgrade to a newer version that is not afected by the malware. The tool can take up to several minutes to complete the assessment for Xcode.
Apple usually distributes the tool itself.
Following a software upgrade “there’s no longer any threat”, it said in an online statement.
The hackers tempted developers to download the infected toolkit as it promised that it will be faster to download from Baidu’s cloud service. And now the app provides even more convenience with terrific updates for both watchOS 2 and iOS 9.
The Background App Refresh feature was also found in the previous iOS versions.
Instant-messaging app WeChat, which has hundreds of millions of users, was among them.
This security breach is surprising.
The company is taking measures to ensure that developers are using the legitimate Xcode software.
As shared with you earlier today, Apple has outlined steps to help developers validate the installation of Xcode installed on their Mac.
Apple did not immediately respond to a request for comment.
Apple Inc’ s AAPL iOS app store has come under a big scale malware attack. It is said that the counterfeit tools spread when developers obtained them through “untrusted sources” rather than directly from the company.
However, a Dutch security company followed up with its own investigation, identifying dozens of additional apps. The firm famously subjects developers to stringent screening processes that can often hold up an app’s launch but allows Apple to promise customers the peace of mind that any app they download from its store is safe. After the top 25 impacted apps, the number of impacted users drops significantly.
Advertisement
It’s also not clear as to how those users will be notified to delete or upgrade to the most recent version of those applications. Its creators were able to sneak the malicious code into the apps without the app developers’ knowledge.
