Apple App Store hit by first major malware attack

Apple has been fervently cleaning up the iTunes App Store of malicious applications after the virtual marketplace suffered its first ever major malware attack. Word is that the developers behind a long list of infected apps were fooled into using counterfeit Xcode software for their creations. There’s no official announcement about the number of applications affected, though Chinese security firm Qihoo360 Technology claims these add up to 344.

One of the most well known apps to have been infected is WeChat, a WhatsApp rival that’s very popular in China. But the company says the issue can only be seen in v6.2.5 of its messenger software.

It further claims there’s been no theft and leakage of user information or money. Apparently, hackers might have tricked developers into using a bad version of Apple’s legit Xcode tool called XcodeGhost.

Apple App Store XcodeGhost

Apple’s servers may be slow in China, a factor which could have possibly tempted some developers to reach for the malicious software under the impression that it was a mirror download, according to Gizmodo (via Reuters). The actual Xcode software is a file over 3GB in size. iOS users of an affected app wouldn’t be able to tell if they’ve got an infected version of it or not. That’s because XcodeGhost is designed to secretly send device information, passwords and so on to the hackers behind it.

The best users can do it to update all their iOS applications. Apple has always been boastful about the security of its software and app ecosystem as compared to Google’s Android. It can’t been too pleased with all the publicity it’s getting at present. The company says its working with developers to make sure this doesn’t happen again.