Many of the most popular iPhone apps in China have been infected with malicious software in what researchers are calling the first major cyberattack on Apple’s iOS App Store.
According to multiple security research firms, numerous widely used apps such as mobile chat app WeChat, which boasts nearly 500 million active users, have been compromised.
{mosads}Other notable tainted apps include leading Chinese car-hailing app Didi Kuaidi, NetEase’s music downloading app and business card scanning app CamCard, which is available outside of China as well.
According to research from Alibaba Mobile Security, the hackers compromised the apps by tricking software developers into using a corrupted version of Apple’s development tool kit. As a result, the infected apps can relay sensitive user data back to the hackers, or send fake alerts that can lure a user into giving up an Apple iCloud account password, The Wall Street Journal reported.
In a Sunday statement, Apple said it was quickly addressing the issue.
“To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,” the company said.
The scheme is the first major example of cyber criminals successfully tricking Apple’s strict app review process.
Security firm Palo Alto Networks said only five malicious apps had been found in the App Store previously. The company listed nearly 100 apps on its blog that were compromised by the newly uncovered plot. Chinese security firm Qihoo360 said it had found 344 corrupted apps, according to multiple reports.
Palo Alto Networks Director of Threat Intelligence Ryan Olson told Reuters that the success of the strategy may launch a new era of cyberattacks. The discovery that infecting the machines of legitimate software developers is a successful way to bypass Apple’s review process will certainly lead to copy cats, he said.
“Developers are now a huge target,” Olson explained.