Apple removes apps after major attack
The malicious code spread through a counterfeit version of Apple’s Xcode tools used to create apps for its iPhones and iPads, according to the company.
XcodeGhost is a particularly scary piece of malware as it got into the App Store through Apple’s own developer tool kit, Xcode, specifically a compromised version downloaded from an unofficial source. The Cupertino firm says that it’s working with developers to ensure that they’re using the official version of Xcode to rebuild their apps.
Citing US-based cybersecurity firm Palo Alto Networks, the Wall Street Journal said that the attack affected more than three dozen apps on Apple’s iPhone and iPad devices. Most of the apps affected, such as the ride-hailing service Didi Kuaidi, are most popular in China.
Tencent, which makes the WeChat software with around 500 million users in China, said: “A security flaw, caused by an external malware, was recently discovered affecting iOS users”, adding it had repaired the flaw. The malicious code was reportedly embedded in apps by cyber attackers who had attacked Apple’s program hub.
One developer said that XcodeGhost had already launched phishing attacks aimed at acquiring users’ iCloud passwords, Palo Alto Networks noted.
The discovery of malware in Apple’s App Store is unprecedented for the company, which subjects apps to a stringent review process before publishing them in the App Store.
In other words, Apple’s Gatekeeper technology, which prevents non-App Store and unsigned versions of programs, like Xcode, from being installed, was doing its job. “XcodeGhost is the first compiler malware in OS X. Its malicious code is located in a Mach-O object file that was repackaged into some versions of Xcode installers.”
Apple announced Monday that half of all Apple devices have upgraded to its latest mobile operating system in the past five days, the most rapid adoption of an iOS ever. However, Tencent claimed that it was still investigating the hack and further information will be provided to users.
Lin Wei, head of the security lab at Qihoo360, said it is likely that several smaller app developers are not aware of the problem, so he is continuing to examine apps and notify developers affected by the problem.
It added that an initial investigation revealed that no data theft or leakage of user information had happened.