Apple to remove 300+ malicious apps after rare security lapse

After its biggest iOS security lapse ever, Apple is taking swift action to remove hundreds of malicious apps from the App Store.

The malware was embedded into apps by hackers, who tricked legitimate developers into inadvertently compiling their software with a counterfeit version of Xcode, Apple’s developer tool. The fake software has been dubbed ‘XcodeGhost’ and has affected over 300 apps, including the hugely popular Chinese social network WeChat.

Infected apps can potentially collect information about the device and send it back to the hackers. The available data is specific to the device and not a user’s personal information – although attackers could use the infected app to launch fake alerts asking for more intimate user details such as passwords and billing information.

XcodeGhost originated in China, where it was uploaded to file sharing network Baidu. International downloads can be incredibly slow in China, and it’s possible many developers would have looked to the locally-based Baidu as a quicker alternative to download the developer tools. As a result the vast majority of apps infected by the malware are Chinese, although some of the affected apps were released to a wider audience, including the U.S. and Europe.

In a statement, an Apple spokesperson confirmed that the company has “removed the apps from the App Store that we know have been created with this counterfeit software.” It is also working with developers to “make sure they’re using the proper version of Xcode” to produce new, safe versions.

Before this attack, Apple had only ever had to deal with a total of five malicious apps tainting its famously secure App Store. Without doubt this is the largest-scale security breach the App Store has faced. The good news is that unless you’ve been downloading dozens of Chinese apps, you’re unlikely to be affected – although so far Apple has refused to release a full list of affected apps, or a way to find out if you have a malicious app installed.

Update: 9to5Mac has got hold of a list of all the apps so far identified as being infected by XcodeGhost. If you have anything on the list installed on your device, we recommend you delete it and wait for a newer version to be uploaded to the App Store.