Apple App Store Hit By Major Malware Attack

Millions of Apple device users are being warned about a series of potentially dangerous apps following the first major recorded attack on the company’s App Store.

Some of the most popular products on Apple’s App Store, including messaging service WeChat, were found to be affected by malware known as XcodeGhost that can steal user’s private information.

The malware is mainly impacting users in China, but many of the affected apps are recorded as having a global reach, causing Apple and the original app developers to scramble to get the infected products offline.

Counterfeit

“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokesperson told Reuters. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

Apple declined to say how many apps it had uncovered, and is still to reply to a request for comment from TechWeekEurope.

XcodeGhost was able to penetrate a number of the apps by posing as a modified version of Xcode, the software used by developers to create iOS and Mac software such as apps.

The malware can allow affected apps to start stealing data about users, including sending fake alerts to infected devices that trick their owners into revealing passwords and other information.

Apple store hack

News of the hacked Xcode first appeared on developer forum on Chinese site Weibo, before being further investigated by security researcher Claud Xiao.

“According to one developer’s report, XcodeGhost has already launched phishing attacks to prompt a dialog asking victims to input their iCloud passwords,” said Xiao, who works for security firm Palo Alto Networks.

“Based on this new information, we believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem. The techniques used in this attack could be adopted by criminal and espionage focused groups to gain access to iOS devices.”

Apple has traditionally prided itself on its stringent security practices, but such standing has left it open to attacks in the past.

Last month, security researchers found adware that exploits a previously known privilege escalation flaw in Mac OS X to install itself in a user’s computer.

And back in November, Palo Alto also uncovered a new form of malware, dubbed WireLurker, which targeted Apple users in China running either Mac OS or iOS through trojanised and repackaged OS X applications.

What do you know about Internet security? Find out with our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago