Apple Lists Top 25 Apps Hit By Malware In First Major Attack
By Anya George Tharakan
Apple Inc said the WeChat messaging app and car-hailing app DiDi Taxi were among the 25 most popular apps that were found to be infected with malicious software, the first-ever large-scale attack on its App Store.
The company had not previously disclosed which apps had been affected, although many had been identified by third parties.
Apple said on Sunday it was cleaning up its App Store after several cybersecurity firms reported that unknown hackers had embedded a malware, dubbed XcodeGhost, in hundreds, possibly thousands, of Chinese apps.
"We have no information to suggest that the malware has been used to do anything malicious," Apple said in its XcodeGhost Q&A Web page on Thursday.
Other infected apps include Baidu Inc's Baidu Music app, a music app from Internet portal NetEase Inc and the 58 Classified-Job, Used Cars, Rent app.
Tencent Holdings Ltd owns WeChat.
This is the first reported case of large number of malicious software programs making their way past Apple's stringent app review process.
Cyber security firm FireEye Inc said earlier this week that the security breach was much bigger than previously thought, affecting more than 4,000 apps on the App Store, compared with the earlier estimate of 39.
Prior to this attack, a total of just five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc.
Apple said on Thursday it was working with developers to get the apps back on the App Store and was blocking new apps that contained the malware.
The company also said some of the affected apps could be fixed through updates.
The hackers targeted the App Store using a counterfeit version of Xcode "toolkit," Apple's app-building software.
Many Chinese app developers downloaded the tainted software kit instead of the original one because of the slow download speeds from Apple's official servers located overseas.
Apple said it was working to make Xcode faster for Chinese developers to download.
(Reporting by Anya George Tharakan; additional reporting by Sneha Banerjee in Bengaluru; Editing by Anil D'Silva)
© Copyright Thomson Reuters 2024. All rights reserved.