For the first time since its inception, the Apple App Store has fallen victim to a major cyber attack that could affect hundreds of App Store apps and, thereby, hundreds of millions of Apple users. Over the weekend, cyber security firm Palo Alto Networks was the first to notice malware-infected App Store apps, which is highly unusual since Apple heavily scrutinizes App Store submissions for these sorts of issues. According to Palo Alto, only 5 infected apps had previously made it into the App Store, which opened in 2008. The hundreds of apps that were infected this weekend include popular apps like WeChat that are used around the world.
How was the malware introduced?
Hackers combined social engineering techniques with a counterfeit version of Xcode, the software Apple provides to app developers to create iOS software; the counterfeit is now dubbed XcodeGhost. In China, downloading Xcode from the legitimate Apple servers is notoriously slow. By advertising faster download speeds, hackers took advantage of Chinese app developers’ impatience and set up their own server to distribute the counterfeit version of Xcode, which then injected malware into their applications without the developers’ knowledge.
Apple has since pulled the infected apps from the App Store and is working with developers to update their apps. Unfortunately, there has been no guidance for users who may or may not have infected software on their mobile devices. Palo Alto has a blog post that lists the infected software, although I’m not sure if it’s a comprehensive list or not.
It’s a bad day for both users and Apple, who will have to keep in mind that developers are a potential security vulnerability of the App Store. It’s kind of a big deal.
While most of the apps infected are Chinese, there are many that are not, so make sure your apps are up to date.