In order to get embedded into legitimate apps, hackers persuaded app developers to work on a counterfeit Apple version dubbed Xcode, according to Apple, which was downloaded from servers in China possibly as it was faster than getting the original software.
Oh Apple. Why continue to treat us like idiots and insist that we download Xcode via the store? (forcing me to work out the direct url!)
— Sam Deane (@samdeane) September 11, 2015
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Christine Monaghan, Apple spokesperson, said in an email to Reuters. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Apple began to remove iOS apps infected by #XcodeGhost from App Store, and to notify developers to recompile them by official Xcode.
— Claud Xiao (@claud_xiao) September 19, 2015
Before this major intrusion, there have been reported just five cases of malicious iOS programs. According to cyber security firm Palo Alto Networks Inc compromised apps included:
— popular mobile chat app WeChat;
— car-hailing app Didi Kuaidi;
— music app from Internet portal NetEase Inc;
— and 341 more mostly Chinese apps, according to Chinese security firm Qihoo360 Technology Co estimates.
The company has not yet clarified how Apple users can identify whether their gadget has been infected or not and how to deal with the issue if it has.
Why is it Apple/Mac owners still perpetuate the lie that they never get infected by viruses etc
— ZedEx48K (@ZedEx48K) August 12, 2015
The news appears on the tails of reports of the newly-released iOS 9 installation causing device failures.