Apple Inc. said Sunday that it was removing malicious iPhone and iPad software from its iOS App Store, software that was identified in the first large attack on the mobile software marketplace.
The company disclosed the attack Sunday after several security firms reported finding a malicious program named XcodeGhost that was embedded in hundreds of legitimate apps on the online store. The program allowed the secret collection of data from users’ devices, and was found on highly popular Chinese apps, including Tencent’s WeChat messaging app, a music downloading app from NetEase, and ridesharing service Didi Kuaidi. A Chinese security firm cited by Gizmodo said a total of 344 apps had been affected.
Tencent, Didi Kuaidi Joint Co. and NetEase all said that their applications had been compromised, but that no data had been lost. “At present, we haven’t discovered any loss of user information or assets as a result of this [breach], though the WeChat team will continue to monitor and do tests,” Tencent said in an online post, according to the Wall Street Journal.
The malicious code had embedded itself in a counterfeit version of Apple's app development software known as Xcode, Apple said. "We've removed the apps from the App Store that we know have been created with this counterfeit software," Apple spokeswoman Christine Monaghan said, according to BBC. "We are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps."
Palo Alto Networks Inc.'s Director of Threat Intelligence Ryan Olson told Reuters that the malware, which replaced legitimate Xcode, was limited in its functionality and said that his firm had found no instances of data theft or other harm from the attack.
However, he said that it was a “pretty big deal” because it was the first instance of the App Store being hit with a large-scale attack. Previously, just five malicious apps had ever been found on the App Store, according to Palo Alto Networks.
The attack comes just weeks after another cyberattack involving malicious software that stole the credentials of 225,000 Apple accounts. The data theft was also believed to have been conducted by Chinese hackers, though users in 17 other nations were also affected.