These developers used a tainted version of Xcode to create apps that contained malicious code. Dozens, if not hundreds, of App Store apps, specifically in China, might be infected by the XcodeGhost malware, and this time, the apps are otherwise legitimate ones and their developers unwitting accomplices.
Advertisement
One Chinese security firm says that as many as 350 apps may be affected.
In a first-of-its-kind attack, dozens of applications in Apple’s official App Store have been infected by a malware which has embedded its code into some of the most popular mobile programs in China, exposing iOS users’ privacy. However, cyber security firm Palo Alto Networks Director of Threat Intelligence Ryan Olson said that the malware had “limited functionality” and no examples of data theft have been found so far. Apple hasn’t said how many apps are affected, but one Chinese security firm put the number at 344.
In a report by Reuters, Apple confirmed on Sunday that the tech-giant has been hard at work removing malicious apps from App Stores for the iPad and iPhone.
Now that the apps have been removed from the App Store, Apple is working with developers to ensure that they use the right version of Xcode so that future attacks can be prevented.
The exploit, dubbed XcodeGhost, could let nefarious parties read and write data in the user’s clipboard, push fake alerts for phishing and open URLs.
Researchers stated contaminated apps included Tencent Holdings Ltd’s 0700.HK fashionable cellular chat app WeChat, automotive-hailing app Didi Kuaidi and a music app from Internet portal NetEase Inc.
Palo Alto said it was cooperating with Apple on the breach and recommended that all iOS developers be aware and take necessary actions.
Tencent said in a blog post that the flaw only affects version 6.2.5 for iOS and not newer versions of WeChat. And considering how much it’s targeting the Chinese market, it perhaps should provide faster means to download Xcode so that developers won’t have to search elsewhere.
Advertisement
The company has not yet clarified how Apple users can identify whether their gadget has been infected or not and how to deal with the issue if it has. Other attackers may copy that approach, which is hard to defend.
