Dozens of iOS apps in Apple’s App Store were infected with malware in recent days, including hugely popular Chinese social networking apps, in what appears to be first major case of hackers breaching Apple’s highly controlled mobile software ecosystem.
Apple said Sunday it had removed apps from the App Store that were known to include the malicious code, but not before apps like WeChat, which has hundreds of millions of Chinese users, had been distributed with malware that could attempt to steal users’ passwords and other information.
WeChat, which has more than 500 million users, said its app was affected by the issue but that it had already fixed the problem earlier this month. It said its version 6.2.5, released on Sept. 10, was infected, but version 6.2.6, released Sept. 12, was not. So far, there has been no sign of “theft and leakage of users’ information or money,” the company added.
Both the app developers and Apple were apparently unaware that the apps had been infected. Hackers succeeded by tricking the app developers into downloading a modified version of Xcode, the software that developers use to create iOS apps. This fake version of Xcode included the malware, which then made its way into the apps, which were then uploaded to the App Store.
According to Palo Alto Networks, a security company that discovered the issue, the malware could potentially prompt users to enter passwords and then steal them; hijack certain URLs that a user attempted to open; or grab information off a user’s clipboard. Palo Alto Networks said it identified at least 39 apps that had been affected, including at least one that tried to steal users’ iCloud passwords.
Xcode, which is essential software for app makers, is a huge and complex program, and it takes a long time to download from Apple (it’s 3.59GB). Ryan Olson, Palo Alto Networks’ director of threat intelligence, told Reuters that hackers might have convinced Chinese developers to download the malicious version of Xcode because it would download faster in China.
Apple didn’t specify how many apps it had removed as part of its response. “To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,”
– mashable