The attackers behind the malware created a modified, counterfeit version of Apple’s Xcode developer software and posted it online for developers to download and use.
Such was the case with Xcode, the official Apple software developers use to make iPhone apps.
According to Palo Alto Networks, a U.S.-based security firm, the malicious software collects information from infected devices and uploads it to outside servers. Security researchers believe the malware, dubbed XcodeGhost, could have affected hundreds of millions of users, the firm said.
Palo Alto Networks Director of Threat Intelligence Ryan Olson said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack.
Other compromised apps include taxi-hailing app Didi Chuxing, train ticket vendor app Railway 12306 and China Unicom Mobile Office. “If the app is compromised, then end-users will start getting affected,” he said, adding that Apple must have put in place a way to check the veracity of apps on the iOS store.
The discovery of malware in Apple’s App Store is unprecedented for the company, which subjects apps to a stringent review process before publishing them in the App Store.
The infected iOS apps, from Chinese instant messaging services to global business card scanners, were all compiled with XcodeGhost.
On Sunday, Apple confirmed that its App Store has suffered its first major security breach.
It is not yet clear how many users have already downloaded the infected apps.
Arment’s supporters praised him for taking the app down, calling it a bold move. The apps in question were apparently infected using a backdoor approach.
It was noted that, to be able to copy Xcode, the hackers had to have somehow disabled existing security features at Apple.
So far Apple has declined to reveal how many apps were adversely affected. The affected apps have been removed, and the companies involved say they’re investigating the depth of the breach.