Apple has removed malware-infected apps from the App Store after acknowledging its first sustained security breach. The malware, known as XcodeGhost, worked its way into several apps by convincing developers to use a modified version of Xcode, the software used to create iOS and Mac software.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokesperson Christine Monaghan told Reuters. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
XCODEGHOST COULD BE “VERY HARMFUL AND DANGEROUS”
Among the more notable apps affected were dominant Chinese messaging app WeChat, popular business card scanner CamCard, and Chinese Uber rival Didi Chuxing. WeChat, which has over 600 million monthly active users, said in a blog post that the exploit only affected a prior version of the app released on September 10th; the present version, released two days later, is clean.
Security firm Palo Alto Networks investigated XcodeGhost and concluded that it was able to prompt fake phishing dialogs, open URLs, and read and write clipboard data, leading the company to call it a “very harmful and dangerous” piece of malware that has affected at least 39 apps.
There’s no evidence that any data theft has occurred yet, but XcodeGhost is worrying because it shows how legitimate developers can be used as a vector for malicious software, bypassing Apple’s code review — a method that the CIA has also considered deploying. Palo Alto’s Ryan Olson told Reuters that the compromised version of Xcode came from a server in China, and may have been used because it was faster to download than the free, official version on Apple’s App Store.