Apple pulls infected apps from iTunes App Store
The malicious apps were capable of duping customers into giving up their iCloud passwords and opening dangerous websites.
The first sign of trouble appeared over the weekend, after security researchers from Palo Alto Networks discovered that 39 iPhone and iPad apps were infected with malware.
Among the infected apps was WeChat, the super-popular Chinese mobile messaging app used by 600 million people.
All of the affected apps were developed in China, and they all used a modified version of Apple’s software development kit, known as Xcode, which had been manipulated by hackers.
Apple’s Xcode provides the tools developers need to build iOS apps.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple said in a statement. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Though Apple makes Xcode available for free on its website, the hackers were able to convince the Chinese app makers to download Xcode from their servers instead of Apple’s.
It’s not yet known why the Chinese developers downloaded Xcode from the hackers, but it’s possible the app makers were looking for a faster way to retrieve the Xcode software.
It can be painfully slow to download items from Apple while in China. People in China often try to download apps and tools from alternate websites and servers — but sometimes face bitter consequences for doing so.
Tencent, which makes WeChat, said in a blog post that it has fixed the problem, and customers should upgrade to the latest version of the WeChat app in case they had downloaded the version that contained the malware.
The company said it does not believe the hackers were able to steal customers’ information or money, though it continues to investigate the impact of the attack.
Among the other impacted apps were Didi Chuxing, which is the leading taxi-hailing service in China. Popular train-ticket purchasing app Railway 12306 and China Unicom Mobile Office were also infected by malware.