Multiple iOS applications placed in Apple’s App Store were infected with malicious code, including apps from one of the most popular Chinese social networks.
The Cupertino-based company announced Sunday that it had removed all the malicious apps but admitted that it was too late, as apps popular in China such as WeChat, which is used by millions of users, had been distributed with malware that could attempt to steal users’ passwords and other information.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in an email. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
“Both the app developers and Apple were apparently unaware that the apps had been infected. Hackers succeeded by tricking the app developers into downloading a modified version of Xcode, the software that developers use to create iOS apps. This fake version of Xcode included the malware, which then made its way into the apps, which were then uploaded to the App Store,” Mashable reports.
“Xcode, which is essential software for app makers, is a huge and complex program, and it takes a long time to download from Apple (it’s 3.59GB).”
Palo Alto Networks Director of Threat Intelligence Ryan Olson reported that the malicious software had seriously limited functionality and that his company hadn’t noticed any examples of data theft or other harm as a result of the attack.
However, he went on to say that it was “a pretty big deal,” as the situation revealed that the App Store could be compromised by hackers. Palo Alto Networks supposes that others who want to attack iOS users can copy that approach, which is hard to defend against. “Developers are now a huge target,” he concluded.
The tainted version of Xcode was downloaded from a server in China that developers may have used because it allowed for faster downloads than using Apple’s U.S. servers, Olson said.
Chinese security firm Qihoo360 Technology Co said on its blog that it had uncovered 344 apps tainted with XcodeGhost.
Meanwhile, experts said they did not forecast a major impact on the sale of Apple products.
“It is definitely embarrassing for Apple but the reality is that malware is a persistent problem since the days of PCs and the problem will multiply as the number of mobile devices explodes from 1.4 billion units in 2015 to 1.8 billion in 2020,” Wee Teck Loo, head of consumer electronics at market research firm Euromonitor International, said.
He added that consumers are actually less cautious on mobile devices than on PCs.
“In emerging markets like China or Vietnam, mobile devices are their first connected product and security is taken for granted,” the expert concluded. “Consumers in emerging markets are also less protective of privacy and security issues.”