Update Your iPhone: Apple Releases List of Malware-Infected Apps
Apple said it was working with developers to get the apps back on the App Store and was blocking new apps that contained the malware.
Apple had not previously disclosed which apps had been affected, though many had been identified by third parties.
Before this attack, just five malicious apps had ever been found in the store – which is tightly controlled and sees every app vetted by Apple employees. The company said the code spread through a counterfeit version of Apple’s Xcode, a developer tool for creating iPhone and iPad apps, which was being used by developers in China. The list does not include any apps from Alibaba or 360 Mobile, two prominent mobile studios. And even though WeChat was a big offender, none of Tencent’s QQ apps were found with malware either.
However, FireEye said yesterday that the number of affected apps is actually closer to 4000. Most of the apps that appear to have been infected by the XcodeGhost malware are Chinese-made.
The hack led to many very popular apps being infected, including Chinese ride-sharing startup Didi Kuaidi and global instant-messaging service WeChat. Palo Alto Networks, which was among the first to publish details on “XcodeGhost”, as the malware is dubbed, also said that the malicious software may have been able to push dialog boxes to users’ phones asking for personal information. Apple has now decided to tackle this problem by giving developers in the People’s Republic an official source for downloading Xcode domestically, Schiller told the Chinese publication.
He added that the Californian tech giant will soon reveal a list of 25 apps it knows to have been infected.
On Sunday, Apple confirmed that modified versions of Xcode had been hosted on cloud storage run by Baidu in China, and that apps built with them had successfully infiltrated the country’s App Store. When you download Xcode from the Apple Developer website, its code signature is automatically checked and validated by default, as long as you have not disabled Gatekeeper.
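For developers who want to check a copy of Xcode already on disk, the following added example (not from the article or from Apple) classifies the result of a Gatekeeper assessment. The `spctl --assess --verbose` command and the three trusted source strings are not on this page; they follow the guidance Apple gave developers at the time, and the function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): decide whether a local Xcode copy is a
# genuine Apple build, based on Gatekeeper's assessment as printed by
#   spctl --assess --verbose /Applications/Xcode.app

# Constructed sample outputs, used to exercise the classifier offline.
SAMPLE_STORE='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_THIRD_PARTY='/Applications/Xcode.app: accepted
source=Developer ID'
SAMPLE_TAMPERED='/Users/dev/Downloads/Xcode.app: a sealed resource is missing or invalid'

# classify_assessment TEXT
# Prints one of: trusted | untrusted-source | rejected
classify_assessment() {
    text=$1
    # Anything other than an explicit "accepted" verdict fails outright.
    if ! printf '%s\n' "$text" | grep -q ': accepted$'; then
        echo rejected
        return 0
    fi
    # "accepted" alone is not enough: a bundle signed with a non-Apple
    # Developer ID certificate can also be accepted, so check the signer.
    src=$(printf '%s\n' "$text" | sed -n 's/^source=//p' | head -n 1)
    case "$src" in
        "Mac App Store"|"Apple"|"Apple System") echo trusted ;;
        *) echo untrusted-source ;;
    esac
}

# verify_xcode [PATH]: run the real assessment (macOS only).
verify_xcode() {
    app=${1:-/Applications/Xcode.app}
    # spctl reports on stderr and exits non-zero on rejection.
    out=$(spctl --assess --verbose "$app" 2>&1) || true
    classify_assessment "$out"
}

# Only attempt the live check where spctl exists (i.e. on a Mac).
if command -v spctl >/dev/null 2>&1; then
    echo "Xcode assessment: $(verify_xcode "${1:-/Applications/Xcode.app}")"
fi
```

A result other than `trusted` means the copy should be deleted and Xcode downloaded again from Apple with Gatekeeper enabled.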
The apps in question were Trojanised by a fake version of developer tool Xcode, which was apparently widely downloaded in China.
“There aren’t going to be tremendous amounts of App Store malware now, but these techniques they used, of piggybacking malware on top of legitimate applications, that’s a really interesting way of getting into the App Store”, he continued.