Apple begins removing apps infected with the XcodeGhost malware


Apple is fully aware of the recent malware attack on several of its App Store apps, according to an Apple rep who spoke with Reuters via email. It has begun removing all known infected apps and is working with the developers affected by the breach.

XcodeGhost, as we told you yesterday, is malware attached to several legitimate App Store apps. The apps were infected because they were built with an illegitimate version of Xcode, which was downloaded from a third-party server in China. Most of the infected apps are of Chinese origin, but a few of the impacted apps, WeChat to name one, are popular in other territories.

Here’s Apple’s statement to Reuters:

“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in an email. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

Reading between the lines here, there may be affected apps still available on the App Store, but Apple is undoubtedly working hard to identify every last app that has been targeted by the malware.

Xcode is the IDE used by developers to create, compile, and deploy both mobile and desktop apps to the App Store and Mac App Store. Infecting the very source of an app’s creation makes it easier for malware to sneak by the App Store review process undetected.

Developers should only download Xcode from the Mac App Store or Apple’s official developer portal. Downloading Xcode or any developer-related assets from third-party sources is just asking for trouble.

From the sound of Palo Alto Networks’ original report, it doesn’t appear that the attack resulted in stolen user information. Still, this is the first wide-scale breach of the App Store, and as such, it’s cause for legitimate concern.

There’s no current Apple-sanctioned method for users to identify whether or not they’ve been compromised, but we’ve heard that the Pangu team, the same team behind iOS jailbreaks for iOS 8, has released a tool to help identify infected apps.

Source: Reuters