Apple cleans up the App Store after serious malware attack
Apple has started a clean-up operation of the Chinese version of its App Store after it was flooded with apps infected with XcodeGhost malware. The problem was not detected by Apple, but a number of security firms who discovered various malicious iPhone and iPad apps littering the Store.
The apps made their way past Apple's usually-rigorous vetting process after developers were tricked into using a counterfeit version of the Xcode tool to create them. The attack has been described as "a pretty big deal" although at this stage there are no reported instances of data theft or attacks on victims.
Apple spokeswoman Christine Monaghan said: "We've removed the apps from the app store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps". Reuters reports that high-profile apps were targeted, including Uber clone Didi Kuaidi, and chat app WeChat.
Apple's wall-garden approach in the App Store has previously kept problems with malicious apps to a minimum. But the approach used this time around -- attacking developers rather than users -- highlights a weakness that could be exploited again.
Chinese security firm Qihoo360 Technology said that it had detected 344 apps infected with XcodeGhost. Apple has not yet provided users with any information about how to check their iPhones and iPads to see if they are infected.