Apple’s iOS App Store suffers first major cyber attack

Apple Inc said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet.

The company disclosed the effort after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds of legitimate apps. It is the first reported case of large numbers of malicious software programs making their way past Apple’s stringent app review process. Prior to this attack, a total of just five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc.

"The hackers embedded the malicious code in these apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple’s software for creating iOS and Mac apps, which is known as Xcode", Apple said. “We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in an email. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

Palo Alto Networks Director of Threat Intelligence Ryan Olson said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack. Still, he said it was “a pretty big deal” because it showed that the App Store could be compromised if hackers infected machines of software developers writing legitimate apps. Other attackers may copy that approach, which is hard to defend against, he said. “Developers are now a huge target,” he said. "The tainted version of Xcode was downloaded from a server in China that developers may have used because it allowed for faster downloads than using Apple’s U.S. servers".

Some app names mentioned by researchers to be tainted, include the popular mobile chat app 'WeChat', car-hailing app 'Didi Kuaidi' and a music app from Internet portal NetEase Inc.

On Tencent's blog, the makers of WeChat, they state that the security issue affects an older version of their app - WeChat 6.2.5 and the newest versions were not impacted. They also add that their initial investigations showed that no data theft or leakage of user information had occurred.

Cybersecurity firm Palo Alto Networks said on Friday that potentially hundreds of millions of users were impacted by the infected apps. "We believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple's code review and made unprecedented attacks on the iOS ecosystem," the firm said on its website.

The Chinese security firm 'Qihoo360 Technology Co' stated on its blog that it had discovered 344 apps tainted with XcodeGhost. Apple have not yet stated how many apps it has uncovered with the malicious code.