Researchers discovered the largest-ever malware attack against the Apple App Store last week, a major security breach potentially involving hundreds of popular apps with hundreds of millions of users.
While Apple is currently engaged in a wide-ranging cleanup, the company has so far declined to give examples of major apps that were hit, provide estimates of how many apps were affected, or tell users how to determine if they’ve been affected. Apple did not respond to a request for comment.
The attack is known as XcodeGhost because it was hidden in an infected version of Xcode, an app used to develop software for Apple devices. Programmers who were hit with XcodeGhost unknowingly infected the apps they built, because they compiled those apps using infected versions of Xcode before publishing them to the App Store.
Security experts have identified dozens of infected apps, including WeChat, a popular messenger app with more than 500 million users. WinZip and Musical.ly were among the other affected apps.
The Chinese security researchers Qihoo360 reported that at least 344 apps were infected.
News of the unprecedented attack first surfaced among Chinese developers, followed by security researchers at Palo Alto Networks, who reported that XcodeGhost launched phishing attacks to steal iCloud passwords.
“Based on this new information, we believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem,” researcher Claud Xiao wrote. “The techniques used in this attack could be adopted by criminal and espionage focused groups to gain access to iOS devices.”
Photo via Scott Schiller/Flickr (CC BY 2.0)