Home News Apple Malware Attack Leads to 300 Apps Being Removed

Apple Malware Attack Leads to 300 Apps Being Removed

Sep 23, 2015

Apple has a huge mess to deal with as hackers have infected the iOS App Store with tons of malware, and already over 300 software apps have been removed from the App Store as a result. At first, it was thought that the apps were not really dangerous, but now it is looking like the malware, which tarted developers, is a little more serious than previously thought. This is the first major security breach for Apple, which has managed to stay off of the malware and hack list for quite some time.

There have been several different security companies that have now started working together in order to find all of the apps deemed malicious. Claud Xiao, who works for PaloAlto Networks has found 39 different malicious apps, while Fox-IT has found quite a few as well. A lot of the apps that contain the malware are popular in China, with one app being Railway 12306, and this app is used to purchase train tickets. WeChat version 6.2.5 also appears to be infected, although the up-to-date version of WeChat appears to be just fine. It is not just people in China being affected by the App Store malware though, as people in the United States are also in trouble since there are some affected apps for U.S. customers coming up as well. CamCard, which is an app for storing business cards, and was rated as one of the “Top Paid Apps of 2014” is infected with the malware. While Apple itself has not come out saying which apps have been affected, many of these security companies, along with Chinese news websites are mentioning several affected apps. A Chinese news station reported that banks, airlines, and a popular music service were also part of the malware-infected group of apps.

At the beginning of this whole mess, it was thought that the malware was innocuous, meaning that only current time and small sections of the device’s ID could be obtained. One research, along with Xiao, said that these infected apps can also receive commands from the attacker, meaning that there is at least one hacker behind this whole situation. The commands can allow the hacker to read and then write data to the clipboard of the victim, and then open specific URL’s, or it would prompt a fake alert on the screen. Xiao claims that these types of commands and actions could lead to the hacker obtaining passwords from people, potentially thousands of people both in the United States and abroad in places like China.


Interestingly enough, Alibaba Group, an e-commerce giant, first publicized this problem last week, and dubbed it XcodeGhost. This is because the malware is being spread through a counterfeit version of Xcode, which is a tool Apple uses for creating apps for both iPads and iPhones. The counterfeit tools end up spreading like wildfire when developers begin to download the Xcode from untrusted sources instead of downloading this app creator tool directly from Apple itself. Specifically, a lot of developers in China end up downloading the Xcode from other sources or even get the copies from colleagues because of the large size of Apple’s Xcode package.

There are internet filters in Beijing that hinders access to foreign websites like Apple, and this is why developers and people in general are using copies of foreign software that are posted on various websites in China in order to speed up access. So basically, the developers are using “unauthorized sources” to download the Xcode, not from the Apple website but from China-based locations, and these are fake sites that contain malware within the Xcodes. Xiao said that this is only the sixth time that malicious software has made it through the screening process Apple has in place for items in the App Store, although this is the first major security breach that Apple has seen, which is actually pretty impressive considering how many hacks and attacks have happened to websites within the past few years.

Of course, Apple has not responded to the several requests for comment, but Christine Monaghan, a company spokesperson said to the Guardian through email that several apps have been removed from the app store, and they were created using counterfeit software. She went on to say that Apple is working with the developers to ensure that the proper version of Xcode is being used in order to rebuild their apps. Apple is not saying which apps have been affected with the malware, although it is likely that at some point the company will come out to say which apps were infected, since it could put thousands if not millions of people through the world at risk if they choose to remain silent instead. As of this hour, no group or person has claimed responsibility for the malware infection or hack, so it’s not known who installed this malware or what intent there was, such as trying to steal personal information or possibly extortion of some kind. We will likely hear from Apple later on as the company looks into the security breach, but for now, it is outside security companies that are banding together to alert the public of the risk.