App Store Suffers First Malware Attack, Hundreds of Apps Get Infected

According to the latest report from Reuters, hundreds of apps on the App Store got infected with a malware. This is the first time so many applications fell as victims of hackers and the first time Apple failed to discover the malware before releasing apps to public.

Unknown scammers managed to embed a program called XcodeGhost in hundreds of legitimate and trustworthy apps by convincing the developers to download a malicious version of Xcode from their servers, located in China. The download speed was noticeably faster than the speed offered by Apple, so many developers decided to opt for the counterfeit Xcode version.

The infected apps are capable of creating fake dialog windows to steal user’s sensitive data, tracking passwords and usernames and navigating to malicious URLs that can be used for opening iOS vulnerabilities to scammers.

"We’ve removed the apps from the App Store that we know have been created with this counterfeit software," Apple spokeswoman Christine Monaghan said in an email. "We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."

According to Chinese security researchers, as many as 344 apps are infected, including popular WeChat, Didi Kuaidi and NetEase. If you have one of those apps installed, I suggest that you should remove them from your device and reset all the settings. Just to be on the safe side, I’d also recommend to restore your device to factory settings.

[via iClarified]