REUTERS: Apple Inc said the WeChat messaging app and car-hailing app DiDi Taxi were among the 25 most popular apps found to be infected with malicious software, the first-ever large-scale attack on its App Store.
Apple on Sunday said it was cleaning up its App Store after several cybersecurity firms reported that unknown hackers had embedded a malware, dubbed XcodeGhost, in hundreds, possibly thousands, of Chinese apps. “We have no information to suggest that the malware has been used to do anything malicious,” Apple said in its XcodeGhost Q&A Web page.
The company did not previously disclose which apps had been affected, although many had been identified by third parties. Infected apps include Baidu Inc’s Baidu Music app, the 58 Classified-Job, Used Cars, Rent, and a music app from Internet portal NetEase Inc.
Tencent Holdings Ltd is the owner of WeChat. This is the first reported case of large number of malicious software programs making their way past Apple’s stringent app review process.
Prior to this attack, a total of just five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc. Apple said it was working with developers to get the apps back on the App Store and was blocking new apps that contained the malware. The company also said some of the affected apps could be fixed through updates.
The hackers targeted the App Store using a counterfeit version of Xcode “toolkit”, Apple’s app-building software. Many Chinese app developers downloaded the tainted software kit instead of the original one because of the slow download speeds from Apple’s official servers located overseas.
Apple said it is working to make Xcode faster for Chinese developers to download.