Apple has acknowledged that its App Store was hit by a major malware attack for the first time ever. Called XcodeGhost, this malware duped developers and turned their legit apps into a data gold mine for the hackers. Apple told Reuters that it has removed the infected apps from the App Store.
Hackers are said to have duped developers by asking them to use a modified (read: bad) version of Xcode, which is essentially the software used to create iOS and Mac apps. By using XcodeGhost, the developers inadvertently opened their legit apps from sending sensitive information to these hackers.
Some of the notable apps affected by XcodeGhost include the likes of WeChat, CamCard, CamScanner, and Didi Chuxing among others. Most of the affected apps seem to be aimed at the Chinese market. WeChat was quick to issue a fix and says that only those using version 6.2.5 are affected. “A security flaw, caused by an external malware, was recently discovered affecting iOS users only on WeChat version 6.2.5. This flaw has been repaired and will not affect users who install or upgrade WeChat version 6.2.6 or greater, currently available on the iOS App Store,” WeChat revealed in a blog post.
While Apple hasn’t revealed an official number, Security firm Palo Alto Networks claims that there are as many as 39 iOS that have been affected by the malware. As mentioned above, Apple says that it has weeded out these infected apps.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokesperson Christine Monaghan told Reuters. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Photo: ymgerman / Shutterstock.com