Hackers Infect App Store with Malware, Apple Pulls Infected Apps

In the first major malware attack suffered by Apple’s iOS store, malicious attackers added rogue code into a modified version of Apple’s XCode. The malware-laced IDE was downloaded by several developers, unbeknownst to them. Since then, Apple has taken measures to take down the infected applications.

Malicious hackers have infected third-party downloads of XCode, the tool used by developers for creating iOS and Mac OS applications, reports Forbes. According to the publication, the hackers behind the exploit are seeking iCloud login details, among other sensitive data.

Apple has removed more than 300 applications laced with malware from its app store after being notified of its first major malware attack.

Prior to this incident, a total number of just five malicious applications broke through Apple’s strict review process before being removed from the app store, according to cybersecurity firm Palo Alto Networks.

Hackers Take a Unique Approach to Infect Malware into iOS Apps

To circumvent Apple’s App Store review team, the hackers took advantage of China’s internet firewall policy. Due to the country’s strict censorship of the internet, in general, connections made to international servers are slower than those toward servers situated within China.

As a result, internet users in China choose local servers hosting large files instead of unreliable connections established with international servers.

XCode 7.1, the latest version of Apple’s developer tools is over 4 GB in size and Chinese developers often download versions hosted locally. It’s these locally stored servers wherein some versions of XCode were infected with the malware known as “XcodeGhost.”

In an emailed statement to the Guardian, Christine Monaghan, an Apple spokeswoman said:

“We’ve removed the apps from the app store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

Popular affected apps include:

  • WeChat
  • Didi Kuaidi
  • Angry Birds 2
  • CamCard
  • CamScanner Pro
  • FlappyCircle
  • Instafollower
  • PDFReader Free
  • PocketScanner and more

Palo Alto Networks also made a similar discovery last month when hackers targeted over 225,000 jailbroken Apple devices.