The good news, at least for users here in the West, is that the vast majority of infected apps are the ones targeted for the Chinese market. You might still be at risk, though.
Yesterday Apple disclosed that the first-ever large-scale attack on its app store had taken place. Hundreds of titles are said to be affected—the most notable being Tencent’s WeChat, with about half a billion users.
How did this happen? It seems that some developers have been using bootlegged versions of Xcode, a popular IDE for iOS. Within this software is a trojan dubbed XcodeGhost, which has successfully injected malware into apps during the approval process by Apple.
Apps built with XcodeGhost are reportedly able to “phone home” with sensitive user data, and might obtain additional personal info via phishing attacks.
We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.