Sign up to our newsletter
Apple has removed more than 300 malware-infected apps after confirming the first major breach to its iOS app store, reports The Guardian.
The company confirmed on Sunday that it was cleaning up the store after finding a malicious program, dubbed XcodeGhost, was embedded into hundreds of legitimate apps.
The malicious code was concealed in a counterfeit version of Xcode – Apple’s software for creating apps – which the attackers had somehow convinced developers to use. Users who downloaded these apps were then left exposed, leaking personal information back to the attackers.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan told Reuters. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Many of the infected apps are said to be aimed at Chinese markets, most notably popular WhatsApp competitor WeChat. The developer said it has already patched the flaw, which would only affect users on version 6.2.5.
“A preliminary investigation into the flaw has revealed that there has been no theft and leakage of users’ information or money,” said a post on the WeChat blog, adding that its team will continue to closely monitor the situation.
The attack on the iOS app store is a warning for Apple, which has a good record of weeding out malicious apps through its stringent review process.
Earlier this year we reported on malicious apps detected on Android’s Google Play store, potentially harvesting the Facebook credentials of as many as 1,000,000 people.
More than ever, then, smartphone users are encouraged to update all apps to the latest versions, while always being careful of the software they download to their devices.
If you’re unsure of what to look for when downloading apps, then remember the tell-tale signs highlighted in our video below.
Image: Ellica / Shutterstock.com
Author Kyle Ellison, ESET