Apple has brought down a large number of apps from its store after it was found that around 40 iOS apps had been infected by a modified version of the company’s software for developers.
Christine Monaghan, an Apple spokeswoman, told news outlets that the company removed apps from the App Store that it knows have been created with the counterfeit software, to protect its customers.
Palo Alto Networks reported last week that a new malware, called XcodeGhost, modified the Xcode integrated development environment for building apps for the Mac, iPhone and iPad.
The security firm said Friday that it had found that over 39 apps, including many popular Chinese apps, had been infected by the malware. These included WeChat, a popular chat app from Tencent, Didi Chuxing, developed by Uber’s China rival, and business card scanner CamCard. Some of these apps are used outside China.
Tencent said in a blog post that the flaw only affects version 6.2.5 for iOS and not newer versions of WeChat. It said it had fixed the issue and that it had been found during preliminary investigations that there had been no theft or leakage of users’ information or money.
Palo Alto said it was cooperating with Apple on the breach and recommended that all iOS developers be aware and take necessary actions. XcodeGhost, which targets compilers, collects information on devices and uploads the data to command and control servers.
The mode of attack can also be used to target enterprise iOS or OS X apps in “much more dangerous ways,” Palo Alto researcher Claud Xiao wrote.
The security firm said that XcodeGhost was a “very harmful and dangerous” malware that could prompt fake phishing dialogs, open URLs, and read and write clipboard data, which in some cases can be used to read passwords.
The malware, first reported on Chinese social-networking site Sina Weibo, was later confirmed by security researchers from Alibaba, according to reports. It isn’t clear how the apps passed Apple’s stringent code review. Apple could not be immediately reached for comment.
Some analysts have suggested that the compromised Xcode may have been downloaded from a server in China to get around slow Internet connections to Apple’s own servers. Palo Alto Networks said the modified Xcode was uploaded to Baidu’s cloud file-sharing service for use by Chinese developers. The Chinese company later removed the files.