Apple’s App Store has been hit by a major malware attack that has affected a number of apps. As a result of the attack, the company has removed apps from the App Store that were infected with the malicious code.
Apple took this measure after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds of apps. Most of the iPhone and iPad apps affected seem to be aimed at the Chinese market and included some of most prominent ones like WeChat, Didi Kuaidi and a music app from Internet portal NetEase Inc. The attack is said to affect more than three dozen apps, according to U.S.-based cybersecurity firm Palo Alto Networks Inc.
App developers and Apple had no idea that the apps had been infected. Apparently, hackers succeeded by tricking the app developers into downloading a modified version of Xcode which is a software that developers use to create iOS apps. This fake version of Xcode included the malware, that made its way into the apps, which were then uploaded to the App Store. Researchers said that the infected apps can transmit information about a user’s device, prompt fake alerts that could be used to steal passwords to Apple’s iCloud service and read and write information on the user’s clipboard. Apple has not specified how many apps it had removed as part of its response.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
told Apple spokeswoman Christine Monaghan to Reuters.