Apple’s iOS App Store allegedly plagued by enormous malware attack

Apple had to remove more than 300 malware-infected apps from its app store after the damaged version of its developer tools led to some of Chinese apps that leak the users’ personal information to hackers and outside servers. This past Sunday, the company revealed it had scrubbed its App Store of several hundred primarily Chinese applications unintentionally embedded with malicious software.

“We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps”, Monaghan said, as quoted by The Guardian newspaper.

The malware itself seems to stem from the fact that some iOS developers use crowd-sourcing techniques which adds to their apps being more vulnerable.

According to Palo Alto Networks, the malicious code enabled hackers to upload users’ device information to a command and control server, which gave them the ability to send prompts to the device. Tencent Ltd., operator of the popular WeChat social media service, said its software was affected and the company released a new version after its security researchers found the malicious code.

Palo Alto Networks Director of Threat Intelligence Ryan Olson said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack. He said that users should be wary of an app even if its developer is trustworthy, to be on the safe side. Since Safari plugins can’t block ads in third-party apps, it is again a win-win situation for Apple, encouraging sites to build apps from which it can collect a 30 percent cut of revenues.

It’s the first time that the Apple software has ever been infected at this scale. The whole hacking started after some developers in China were tricked into using software tools which contained a malicious code.

Palo Alto Networks’ Claud Xiao says in a blog post that these are “unprecedented attacks”.

Frustrated Apple users are complaining again after a malware attack hit the App Store, it has been reported. “Apps like WeChat are used all over the world and there are people running apps developed in China everywhere”. Other attackers may copy that approach, which is hard to defend against, he said. The cyber security firm has updated a list of 50 infected apps that include WeChat, NetEase Cloud Music, WinZip, China Unicom, and Tonghuashun.