Menu
Apple brings down malware-infected apps from store

Apple brings down malware-infected apps from store

A large number of popular Chinese apps were affected in the security breach

Apple has brought down a large number of apps from its store after it was found that around 40 iOS apps had been infected by a modified version of the company's software for developers.

Christine Monaghan, an Apple spokeswoman, told news outlets that the company removed apps from the App Store that it knows have been created with the counterfeit software, to protect its customers.

Palo Alto Networks reported last week that a new malware, called XcodeGhost, modified the Xcode integrated development environment for building apps for the Mac, iPhone and iPad.

The security firm said Friday that it had found that over 39 apps, including many popular Chinese apps, had been infected by the malware. These included WeChat, a popular chat app from Tencent, Didi Chuxing, developed by Uber's China rival, and business card scanner CamCard. Some of these apps are used outside China.

Tencent said in a blog post that the flaw only affects version 6.2.5 for iOS and not newer versions of WeChat. It said it had fixed the issue and that it had been found during preliminary investigations that there had been no theft or leakage of users' information or money.

Palo Alto said it was cooperating with Apple on the breach and recommended that all iOS developers be aware and take necessary actions. XcodeGhost, which targets compilers, collects information on devices and uploads the data to command and control servers.

The mode of attack can also be used to target enterprise iOS or OS X apps in "much more dangerous ways," Palo Alto researcher Claud Xiao wrote.

The security firm said that XcodeGhost was a "very harmful and dangerous" malware that could prompt fake phishing dialogs, open URLs, and read and write clipboard data, which in some cases can be used to read passwords.

The malware, first reported on Chinese social-networking site Sina Weibo, was later confirmed by security researchers from Alibaba, according to reports. It isn't clear how the apps passed Apple's stringent code review. Apple could not be immediately reached for comment.

Some analysts have suggested that the compromised Xcode may have been downloaded from a server in China to get around slow Internet connections to Apple's own servers. Palo Alto Networks said the modified Xcode was uploaded to Baidu's cloud file-sharing service for use by Chinese developers. The Chinese company later removed the files.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments