21 September 2015
 
Apple has said it is taking steps to remove malicious code added to a number of apps commonly used on iPhones and iPads in China.
 
It is thought to be the first large-scale attack on Apple’s App Store.
 
The hackers created a counterfeit version of Apple’s software for building iOS apps, which they persuaded developers to download.
 
Apps compiled using the tool allow the attackers to steal data about users and send it to servers they control.
 
Cybersecurity firm Palo Alto Networks – which has analysed the malware dubbed XcodeGhost – said the perpetrators would also be able to send fake alerts to infected devices to trick their owners into revealing information.
 
It added they could also read and alter information in compromised devices’ clipboards, which would potentially allow them to see logins copied to and from password management tools.
 
2015921_85659635_048fc7f6-6f00-455a-ad3c-b1f2577277e0.jpg (624×258)
WeChat is one of China’s most popular chat apps, and is also used outside the country to a lesser extent
 
Infected applications includes Tencent’s hugely popular WeChat app, NetEase’s music downloading app and Didi Kuaidi’s Uber-like car hailing app.
 
Some of the affected apps – including the business card scanner CamCard – are also available outside China.
 
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” said Apple spokeswoman Christine Monaghan.
“We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,” said Christine Monaghan.
 
On its official WeChat blog, Tencent said the security issue affected an older version of its app – WeChat 6.2.5 – and that newer versions were not affected.
 
It added that an initial investigation showed that no data theft or leakage of user information had occurred.
 
Analysis: Dave Lee, North America technology reporter
 
Apple China storeImage copyrightApple
 
In Apple’s walled garden App Store, this sort of thing shouldn’t happen.
 
The company goes to great lengths, and great expense, to sift through each and every submission to the store. Staff check for quality, usability and, above all else, security.
 
The Apple App Store is generally considered a safe haven as the barrier to entry is high – there’s only been a handful of instances of malware found on iOS apps, compared to Google’s Play store which for a while was regarded as something of a “Wild West” for apps (until they introduced their own malware-scanning system too).
 
It makes this attack all the more surprising, as it looks like two groups of supposedly informed people have been caught out.
 
Firstly developers, who security researchers say were duped into using counterfeit software to build their apps, creating the right conditions for the malware to be applied.
 
And secondly, Apple’s quality testers, who generally do a very good job in keeping out nasties, but in this case couldn’t detect the threat.