Apple withdraws some China apps after malware found
Apple Inc. says it has removed some applications from its App Store after they were found to contain malicious software in an unusual security breach.
The company on Monday blamed the breach on the use by some developers of a fake version of a software tool that was posted on Chinese websites and included the malicious software.
Apps compiled using the tool allow the attackers to steal data about users and send it to servers they control.
Tencent Ltd., operator of the popular WeChat social media service, said its software was affected and the company released a new version after its security researchers found the malicious code.
The BBC reports:
Cybersecurity firm Palo Alto Networks – which has analysed the malware dubbed XcodeGhost – said the perpetrators would also be able to send fake alerts to infected devices to trick their owners into revealing information.
It added they could also read and alter information in compromised devices’ clipboards, which would potentially allow them to see logins copied to and from password management tools.
In an update on its blog, WeChat said the malware did not affect older versions of the app, and that the “flaw has been repaired and will not affect users who install or upgrade WeChat version 6.2.6 or greater, currently available on the iOS App Store”.
Other apps affected included popular apps used to book train tickets, stock trading apps, and popular ride-hailing app Didi Kuaidi.
The emergence of such a large scale attack on Apple’s App Store comes as something of an embarrassment for the California tech giant, which goes to great lengths to keep the store and the apps sold on it secure.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” said Apple spokeswoman Christine Monaghan.
“We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,” she added.
Additional reporting from Associated Press
- Will AI put an end to the gig economy?
- Creating a recipe for sustainable data centers
- New types of malware surge by 70%, and cybercriminals increasingly target governments worldwide
- What could AI and automation look like in 2024?
- From AI-powered chips to chatbot: Here’s what was unveiled at AWS re-Invent 2023