Apple’s App Store is under attack on a large scale for the first time. Hackers adopted a strategy of persuading developers to use a counterfeit version of the firm’s own software to embed a malicious code into apps. Apple said it is making efforts to remove the infected code form the apps.
Several popular apps infected
Several applications used by iPhone and iPad users in China have been affected. Tencent’s hugely popular messaging app WeChat, a music downloading app, and a car hailing app similar to Uber are among the most-affected apps. These apps have been created using the counterfeit software XcodeGhost.
The apps Apple is sure were created with the counterfeit software have now been removed from the App Store, Apple spokeswoman Christine Monaghan informed users. The company and developers are working on rebuilding the apps by making use of the proper version of Xcode.
Tencent informed users that the security breach has affected WeChat 6.2.5, which is an older version of the app, while the newer versions are safe. No data theft or leakage of user information took place, revealed the initial investigation. However, the infected apps affected hundreds of millions of users, said the cyber-security firm Palo Alto Networks on Friday. The firm stated on its website, “We believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem.”
No likely impact on Apple sales
The presence of the malware is expected to have no impact on the sale of Apple products, said the head of consumer electronics at market research firm Euromonitor International, Wee Teck Loo.
Loo told the BBC that in reality, the problem of malware has been there since PC days, and the problem will only multiply with an explosion in the number of mobile devices from 1.4 billion units in 2015 to 1.8 billion in 2020. He said consumers are not as cautious on mobile devices as they are on PCs, adding that in emerging markets like China and Vietnam, users have mobile devices as their first connected product and take security for granted.
Earlier this month, cyber-thieves in China were successful at stealing login names and passwords for more than 225,000 Apple accounts.