Apple is fully aware of the recent malware attack on several of its App Store apps, according to an Apple rep who spoke with Reuters via email. It has begun removing all known infected apps and is working with the developers affected by the breach.

XcodeGhost, as we told you yesterday, is malware that is attached to several legitimate App Store apps. The apps were infected because they were built with an illegitimate version of Xcode, which was downloaded from a third-party server in China. Most of the infected apps are of Chinese origin, but a few of the impacted apps, WeChat to name one, are popular in other territories.

Here’s Apple’s statement to Reuters:

“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in an email. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

Reading between the lines here, there may be affected apps still available on the App Store, but Apple is undoubtedly working hard on identifying every last app that has been targeted by the malware.

Xcode is the IDE used by developers to create, compile, and deploy both mobile apps and desktop apps to the App Store and Mac App Store. By infecting the very source of an app’s creation, the attackers made it easier for the malware to sneak past the App Store review process undetected.

Developers should only download Xcode from the Mac App Store or Apple’s official developer portal. Downloading Xcode or any developer-related assets from third-party sources is just asking for trouble.
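One way to check an installed copy of Xcode against this advice is macOS Gatekeeper's `spctl --assess --verbose`. The script below is an added example, not part of the original article: it treats only the sources "Mac App Store", "Apple" and "Apple System" as genuine. Its function names are hypothetical and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: classify the Gatekeeper verdict for an Xcode bundle.
# Function names are hypothetical; sample outputs below are constructed.

# Reads `spctl --assess --verbose` output on stdin and prints one of:
#   trusted           accepted, and signed by an Apple distribution source
#   untrusted-source  accepted, but the source is not one Apple ships Xcode from
#   rejected          Gatekeeper did not accept the bundle at all
classify_spctl() {
    out=$(cat)
    # The verdict line has the form "<path>: accepted" or "<path>: rejected".
    case "$out" in
        *": accepted"*) ;;
        *) echo rejected; return 1 ;;
    esac
    # The signing source is reported on its own "source=..." line.
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case "$src" in
        "Mac App Store"|"Apple"|"Apple System") echo trusted; return 0 ;;
        *) echo untrusted-source; return 1 ;;
    esac
}

# Runs the assessment on a real bundle (macOS only) and classifies it.
# Both output streams are captured so the verdict is seen either way.
check_xcode() {
    app=${1:-/Applications/Xcode.app}
    spctl --assess --verbose "$app" 2>&1 | classify_spctl
}

# Constructed sample outputs, not captured from a real machine.
SAMPLE_STORE='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_OTHER='/Applications/Xcode.app: accepted
source=Developer ID'
SAMPLE_REJECTED='/Applications/Xcode.app: rejected'
```

On a Mac, `check_xcode` with no argument assesses `/Applications/Xcode.app` and exits non-zero for anything other than `trusted`, so it can gate a build script.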

From the sound of Palo Alto Networks’ original report, it doesn’t appear as if the attack resulted in stolen user information. Still, this is the first wide-scale breach of the App Store, and as such, it’s cause for legitimate concern.

There’s no current Apple-sanctioned method for users to identify whether or not they’ve been compromised, but we’ve heard that the Pangu team, the same team behind iOS jailbreaks for iOS 8, has released a tool to help identify infected apps.

Source: Reuters

  • Leo Saint

    tsProtector 8 jailbreak app

    • DevXav

      List of infected apps

      Angry Birds 2
      CamCard
      CamScanner
      Card Safe
      China Unicom Mobile Office
      CITIC Bank move card space
      Didi Chuxing developed by Uber’s biggest rival in China Didi Kuaidi
      Eyes Wide
      Flush
      Freedom Battle
      High German map
      Himalayan
      Hot stock market
      I called MT
      I called MT 2
      IFlyTek input
      Jane book
      Lazy weekend
      Lifesmart
      Mara Mara
      Marital bed
      Medicine to force
      Micro Channel
      Microblogging camera
      NetEase
      OPlayer
      Pocket billing
      Poor tour
      Quick asked the doctor
      Railway 12306 the only official app used for buying train tickets in China
      SegmentFault
      Stocks open class
      Telephone attribution assistant
      The driver drops
      The Kitchen
      Three new board
      Watercress reading
      WeChat

  • It’s a no brainer. Don’t pirate shit.

    • John Wickham

      Exactly. I can’t even see a benefit to getting Xcode from any source other than Apple.

      • Victor Liang

        It’s because Apple’s servers are extremely far from China, which results in slow download speeds from the Mac App Store. For Chinese developers, it would be much faster just to download it off an external source, hence the malware.

      • TwoSim

        Because of the GFW, everything I download from outside China is slow.

      • Sleetui

        But that’s rather untrustworthy.

    • Chuck Finley

      Uh…this has nothing to do with piracy.

      • Yes it does. You risk security if you pirate software.

  • Sleetui

    So, is this tool safe to use?

  • Daniel

    Wouldn’t the affected apps still be downloadable from the customer’s iTunes account even though they’ve been pulled from the App Store?

    • Rowan09

      No, because the server linking to those apps was updated with the corrected information.

  • besrate hogsa

    It will be helpful if we can find out the list of apps that are infected by XcodeGhost.

  • 5723alex .

    How come no anti-virus app detected the malware in the downloaded Xcode?

    • Rowan09

      Guess they didn’t have anti-virus or didn’t care to check.

  • Micrones

    This just goes to show that no one is immune from malware including Apple.
    There is no 100% guarantee that this is the first malware in the App Store; this was only publicly addressed because it was exposed.
    People should note that the fact that Android gets malware does not mean Apple is immune; any technology or platform is never 100% secure once opened to the software development community.
    This has nothing to do with jailbreak.

  • Gary LE

    So what if I have WeChat on my phone, should I be worried and delete it?

  • Benedict

    Does Apple also remove the infected apps from the phones or just the app store?