A news report published in Reuters confirmed that after several cyber security firms reported a malicious iPhone and iPad program that attack on the popular mobile software outlet and was embedded in hundreds of legitimate apps, Apple Inc APPL.O on Sunday said it was cleaning up its iOS App Store to remove the malicious program dubbed XcodeGhost.
According to cyber security firm Palo Alto Networks Inc (PANW.N), it is the first reported case of large numbers of malicious software programs making their way past Apple's stringent app review process. Prior to this attack, only five malicious apps had ever been found in the App Store.
Then, the malicious code was embedded in the apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple's software for creating iOS and Mac apps, which is known as Xcode.
Researchers said infected apps included Tencent Holdings Ltd's (0700.HK) popular mobile chat app WeChat, car-hailing app Didi Kuaidi and a music app from Internet portal NetEase Inc.
Tencent said on its official WeChat blog that the security flaw affects WeChat 6.2.5, an old version of its popular chatting app, and that newer versions were unaffected. A preliminary investigation showed there had been no data theft or leakage of user information, the company said.
Chinese security firm Qihoo360 Technology Co (QIHU.N) said on its blog that it had uncovered 344 apps tainted with XcodeGhost.
"We've removed the apps from the App Store that we know have been created with this counterfeit software," Apple spokeswoman Christine Monaghan said in an email. "We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."
However, it was not clear that what steps iPhone and iPad users could take to determine whether their devices were infected.
Ryan Olson, director of threat intelligence at Palo Alto Networks, told Reuters that the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack.