Chatter about modified versions of the developer code, called Xcode, started to surface last week on Weibo, China’s version of Twitter.
Apple has removed several apps from its App Store after they were compromised by malware.
Popular apps affected by the malware include Chinese messaging app WeChat and China’s largest taxi-aggregator app from Didi Kuaidi, a rival to US-based Uber.
According to Forbes, the infection stemmed from developers downloading third-party copies of Xcode, a developer tool for iOS and Mac OS X applications.
If you don’t want to wait until Google adds support for picture-in-picture mode in their official YouTube app, there is a solution to get it early by installing Homegrown Software Ltd’s YouPlayer app on your iOS 9-powered iPad, as first discovered by some Reddit users.
Security firm Palo Alto Networks said the XcodeGhost code could have reached hundreds of millions of users and taken data such as passwords, although it had not seen any examples of sensitive information being stolen.
Marco Arment, the man behind Peace, the most popular ad blocker on the App Store right after Apple content blocking green light, has removed it after just two days even though it was the top app in the App Store Paid Top Charts.
Once done, Apple displays a message offering users to recycle their Android phones for free.
The majority of people affected were in China.
It is quite unusual for the malware to spread through the App Store of Apple, which typically subjects apps to rigorous reviews.
Apple customers who have older iPhones and iPads are now reporting that upgrading to iOS 9 have caused some apps and, in some instances, their entire devices to crash, rendering their devices practically useless.
Palo Alto Networks Inc.’s Director of Threat Intelligence Ryan Olson told Reuters that the malware, which replaced legitimate Xcode, was limited in its functionality and said that his firm had found no instances of data theft of other harm from the attack.
Chinese safety agency Qihoo360 Technology Co stated on its weblog that it had uncovered 344 apps tainted with XcodeGhost.