Developers tricked into using XcodeGhost software that infiltrates legitimate apps in an attempt to steal data
Apple has taken down several apps after hundreds were found to have been compromised by a major attack on the App Store.
In the first significant security issue to affect the usually-watertight App Store for the iPhone and iPad, many were found with malicious “XcodeGhost” code inside of them.
The code found its way into the apps because developers had been tricked into using a modified version of Apple’s official software for creating apps, known as Xcode. The code was deeply embedded in the apps, which made it through the Apple reviewers who check every app before they are made available to download.
Security firm Palo Alto Networks said the XcodeGhost code could have reached hundreds of millions of users and taken data such as passwords, although it had not seen any examples of sensitive information being stolen. It said only five App Store apps had previously been found to be malicious.
The malicious software was hosted on Chinese website Baidu, and thus is believed to largely affect apps in China. Some developers download Xcode from unofficial sources in China because it can reportedly take a long time to get it from Apple’s servers.
Tencent, the owner of the popular Chinese social network WeChat, said thata preliminary investigation had found no evidence of data being leaked or stolen, and that its most up-to-date version of the WeChat app was not affected.
However, apps that are available outside of China can also be affected. CamCard, which scans business cards and imports them into a phone’s contacts, is said to have been affected, while WeChat is used around the world, not just in China. Several other scanner apps are among a list of affected software.
Qihoo 360, a Chinese security firm, said it had found 344 apps affected by Xcode Ghost.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple said.
“We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Earlier this month, it emerged that 225,000 iPhone users who had “jailbroken” their iPhones may have had their data stolen by hackers. However, the XcodeGhost code could affect both jailbroken and “stock” devices.
Users who believe they may have been affected should remove any apps that may have been affected, as well as resetting their iCloud software and those associated with any of the affected apps.