Apple has suffered its first major attack on the App Store and yesterday confirmed that it had removed the offending apps. Apple says hackers modified Xcode, the tool that developers use to create iOS apps. Developers who mistakenly used the counterfeit version, known as XcodeGhost, built apps that carried the malicious code. Among the affected apps, per the Verge: ride-hailing app Didi Kuaidi and messaging app WeChat, both popular in China. Before the breach, just five App Store apps had ever been considered malicious, reports Reuters. By security firm Palo Alto Networks’ initial count, at least 39 apps had been infected, though Chinese security company Qihoo says it has found more than 300 infected apps, per the Telegraph.
“To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software,” an Apple rep says. The New York Times explains that after download, the infected apps’ code could open certain websites that then further infect the phone; the code can also force pop-ups that request things like passwords. Reuters notes developers may have used the bad version of Xcode because it was hosted on a Chinese server and could possibly be downloaded faster than Apple’s version on US servers. The Verge’s take: “XcodeGhost is worrying because it shows how legitimate developers can be used as a vector for malicious software, bypassing Apple’s code review.”