Apple has said it is taking steps to remove a malicious program found in a number of applications used by owners of iPhones and iPads in China.
It is thought to be the first large-scale attack on Apple’s App Store.
The US tech giant said hackers had embedded a malicious code into the apps by persuading developers to use a counterfeit version of the firm’s own software.
The program called XcodeGhost allows hackers to collect data from devices.
The infected applications include many used by iPhone and iPad owners in China such as Tencent’s hugely popular WeChat app, a music downloading app and an Uber-like car hailing app.
A spokeswoman said the apps had now been removed.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in an email.
“We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
‘No data theft’
On its official WeChat blog, Tencent said that the security issue affects an older version of the app – WeChat 6.2.5 and the newer versions were not impacted.
It added that an initial investigation showed that no data theft or leakage of user information had occurred.
Cyber security firm Palo Alto Networks said on Friday that potentially hundreds of millions of users were impacted by the infected apps.
“We believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem,” the firm said on its website.
But Wee Teck Loo, head of consumer electronics at market research firm Euromonitor International said he does not see any major impact on the sale of Apple products despite the presence of this malware.
“It is definitely embarrassing for Apple but the reality is that malware is a persistent problem since the days of PCs and the problem will multiply as the number of mobile devices explodes from 1.4 billion units in 2015 to 1.8 billion in 2020,” he told the BBC.
In fact, consumers are less cautious on mobile devices than on PCs, he added.
“In emerging markets like China or Vietnam, mobile devices are their first connected product and security is taken for granted,” he said.
“Consumers in emerging markets are also less protective of privacy and security issues,” said Mr Wee.
Earlier this month, login names and passwords for more than 225,000 Apple accounts were stolen by cyber-thieves in China.
It was uncovered by security firm Palo Alto Networks while investigating suspicious activity on many Apple devices. It found a malicious software family that targets unlocked iPhones.
The majority of people affected were in China.