Apple’s App Store Has Been Compromised

Cliché Stock Photo

The good news, at least for users here in the West, is that the vast majority of infected apps are the ones targeted for the Chinese market. You might still be at risk, though.

Yesterday Apple disclosed that the first-ever large-scale attack on its app store had taken place. Hundreds of titles are said to be affected—the most notable being Tencent’s WeChat, with about half a billion users.

How did this happen? It seems that some developers have been using bootlegged versions of Xcode, a popular IDE for iOS. Within this software is a trojan dubbed XcodeGhost, which has successfully injected malware into apps during the approval process by Apple.

Apps built with XcodeGhost are reportedly able to “phone home” with sensitive user data, and might obtain additional personal info via phishing attacks.

Tencent has found and removed the malware in their latest update to WeChat, while Apple had this to say to Reuters:

We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.

Sources: 9to5Mac, Reuters, South China Morning Post

Leave a Reply