Apple has removed a variety of malware-infected apps from its App Store after revealing that false developer code, dubbed XcodeGhost, had found its way into a number of applications. This is one of the first major malware related issues on Apple’s walled-garden App Store, which in comparison to Google’s Play Store, is often considered significantly more secure.
Apparently XcodeGhost shoehorned its way into the software developers use to create apps for iOS and Mac, called Xcode, fooling app creators into thinking it was the legitimate version of the program.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” said Apple spokesperson Christine Monaghan in an interview with Reuters.
Notable apps affected by this glitch are popular Chinese messaging app WeChat (which has over 600 million active monthly users), business card scanner CamCard, and Chinese Uber rival Didi Chuxing. WeChat says that the latest version of its messaging platform has not been affected by the software.
According to The Verge, there’s no evidence that any data theft has occurred, although it is still possible. However, the entire incident is worrying because it’s a perfect example of how developers can be tricked into using malicious software, in the process bypassing Apple’s code review.
According to U.S.-based cyber-security firm Palo Alto, it’s believed that the malware originated in China and that many developers likely downloaded it because it was faster to download than the free official version available on Apple’s App Store.
Roughly a year ago Apple suffered an iCloud related security breach when approximately 500 private images and photos of celebrities, most of which were women, leaked online via imageboard 4chan.