Apple Cleans House after App Store Suffers Malware Attack

Apple has discovered a malware breach in its App Store and has successfully removed infected apps.

Recently, Apple’s App Store suffered a security breach with dozens of applications infected with malicious software (or malware, as it is commonly known). The attackers created a fake version of Apple’s XCode – which is used to create applications for the App Store – and encouraged legitimate developers to download it.

The developers who used the code may have had no idea it was infected with malware, turning their applications into dangerous software. They likely downloaded it from local websites due to slow download speeds from Apple’s distant US servers.

Aptly named XCodeGhost, apps made from this counterfeit program are capable of reading and altering information copied from the clipboard (the iPhone and iPad’s copy + paste function), which could allow them to read anything from harmless chatter to usernames, passwords, and worse, credit card numbers, enabling the hackers to steal money.

However, most of the afflicted applications are aimed at Chinese audiences.

One notable mention is WeChat, a popular messaging service – identical to Viber and WhatsApp – has been compromised. However, WeChat has released a statement saying that only the older versions of the app are affected in its official blog. Downloading the updated version of the application will solve the problem. The company has also stressed there were no reports of theft in its initial investigation.

According to a security firm, Palo Alto Research Network, there are currently 39 affected apps. The number is projected to balloon to over 300.

The App Store has been relatively secure, considering there have only been five malware-infected apps which have breached Apple’s screening, testing, and security protocols. Currently, there are over 1.5 million applications on the App Store.

This is the first large-scale malware attack which direly affected Apple, proving that even the strongest protective measures can be breached.

Leave a Reply

Your email address will not be published.