Apple has set up a help page listing the 25 most popular apps found to be infected with malicious software. This wave of malware was the first of its kind to make it past Apple’s rigorous app review process.
The tech giant announced Sunday that it was clamping down on its App Store after multiple cybersecurity firms reported that malware, dubbed XcodeGhost, can exploit a vulnerability in a counterfeit version of Xcode, Apple’s suite of app development tools. Apple is currently blocking apps created with unofficial tools that can be used to inject the malicious code, but said that they could be re-added to the App Store if updated using Xcode.
The affected apps are of Chinese origin. WeChat and DiDi Taxi, China’s top chat and car-hailing apps, are among those infected. Also included in the hundreds, or perhaps thousands of compromised apps were Baidu Music and the multiplayer game ‘Heroes of Order & Chaos.’
Though the extent of the infection might seem overwhelming, Apple assured users that it wasn’t aware of any subsequent foul play.
“We have no information to suggest that the malware has been used to do anything malicious,” the company said on its XcodeGhost Q&A Web page on Thursday, according to Reuters.
It isn’t clear how many tainted iPhone and iPad apps were downloaded by users, but cybersecurity firm FireEye said earlier this week that the breach was much larger than previously estimated, affecting over 4,000 apps on the App Store, rather than just the 39 originally thought to have been infected.
Prior to XcodeGhost, a total of only five apps in the App Store had been found to contain malicious code, according to cybersecurity firm Palo Alto Networks, as cited by Reuters.
Chinese app developers unwittingly tainted their apps with the unofficial development kit because it was easier for them to download than the legitimate version, due to Apple’s servers being located overseas. Apple said that it was in the process of making Xcode faster for Chinese developers to download.