Despite all its efforts to keep hackers at bay, Apple recently just succumbed to malicious attacks that affected a number of apps on the Apple App Store.
The Cupertino giant was quick to acknowledge the incident. It was reported by many news outlets that hackers cloned and altered the tool used by software developers who produce the apps for Apple App Store. The said tool was then made to contain malicious code and inject it into the targeted apps on the App Store.
Based on Palo Alto Networks’ findings, there are as many as 40 mobile apps containing the malicious code that are now still available via the App Store. Other online security firms detected as many as 300 affected apps. These apps include some of the most popular stuff in the mobile world such as WeChat, Camcard, and others that count millions of users.
This security risk is posing a threat to hundreds of millions of Apple users who have free access to the App Store.
Apple confirmed that the company already kicked out the apps it believes have been infected with the malicious developer code that had been pushed into the App Store by suspicious sources. The evaluation effort has been conducted through the collaboration between Palo Alto Networks, Apple and Alibaba, since most of the affected apps are developed in China.
The developer code in question is called Xcode, and rumors about its having been modified ran through Weibo posts in the recent week. Apple worked with a team of security experts to identify the versions of Xcode that had been infected and remove the malicious codes that are all stored in a cloud platform operated by Chinese search engine Baidu, which claimed that it already removed the bad code.
Users of WeChat, in particular, need to upgrade the app to its latest version in order to get rid of the malicious code. Luckily for the hundreds of millions of Apple App Store users, no personal data has been compromised or money stolen.
Monitoring efforts continue as Apple is still in the process of evaluating the scope of the vulnerability. Part of this effort is to make sure that software developers use only the legit version of Xcode in creating their apps.
The risk of downloading and installing the app in your mobile device could bring viruses to your handset once it opens websites that contain malware. Other instances of infection could be through pop-up messages asking for your password. These pop-ups may look harmless, but they are designed to steal your data. So beware.
