Malicious Code Discovered in the App Store

September 25, 2015 • Devin Partida


Apple is often lauded for its advanced and strict security measures when it comes to its computing platforms – including mobile. However, recent events show that no matter how secure a device is, hackers will always find a way – even into Apple’s App Store.

Apple officially confirmed that hackers have used a software development tool to push infected and malicious apps live on the App Store. In total, about 40 apps have been compromised and uploaded to the online storefront.

According to researchers from Palo Alto Networks – who are looking into the security problem – the affected apps are designed to open websites and then infect the device with more malicious code. In addition, the apps use familiar phishing techniques to display a pop-up on the screen asking for personal information, such as passwords, billing details and more. This information is stored so that the attackers can use it later to gain access to personal accounts.

The security firm estimates that the problem could potentially be encountered by millions of Apple users. There’s no way to tell exactly how many are – and will be – affected when all is said and done. Hopefully, when it’s all wrapped up we’ll be given a more accurate count.

Most of the apps affected are popular in China, such as Didi Kuaidi, CamCard and WeChat. That doesn’t mean people won’t be affected elsewhere in the world. If you downloaded one of these apps – WeChat in particular – you may want to ensure your device is not compromised. You can always pay a visit to your local Apple store if you think there’s a problem.

What Is Apple Doing About It?

Christine Monaghan, a spokeswoman for Apple, said that the developer code “was posted by untrusted sources.” It’s not clear yet whether or not the copied versions of Xcode were illegally distributed.

“To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software,” said the spokeswoman.

By now, you’re probably asking: How did this happen? It’s because of a flaw in copied versions of Xcode, the integrated development environment – or IDE – that software developers use to create applications for Apple’s OS X and iOS platforms.

The copied versions of Xcode also happened to include malicious code that hackers secretly embedded in the software. When those particular versions of the development environment were used to update existing apps or create new ones, the malicious code was compiled into the resulting apps, which is how the aforementioned apps became infected.

Apple and security researchers have since located the infected and malicious versions of Xcode, which were being stored on servers managed by Baidu, a Chinese cloud hosting service. According to Apple and Baidu, the affected versions of the development environment have been removed. In addition, researchers claim that the websites that were being used to collect personal information have since been shut down.

There’s no reason to panic. Only the most recent builds of applications that were developed using the infected Xcode versions are at risk. Official versions of Xcode distributed by Apple were not affected.
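Because the compromise lived in a counterfeit copy of the build tool rather than in any one app, the defender’s check is to confirm that the installed Xcode is the Apple-signed one. The script below is an added example, not code from the original post or from Apple; it assumes the macOS `spctl(8)` and `codesign(1)` tools, and the sample verdict lines it parses are constructed.

```shell
#!/bin/sh
# Added example: decide whether an Xcode.app is Apple-signed.
# Assumes macOS spctl(8)/codesign(1); the parsing helpers run on any POSIX sh.

# Pull the value after "source=" out of a `spctl --assess --verbose` verdict.
# Prints nothing when no source line is present.
spctl_source() {
    printf '%s\n' "$1" | sed -n 's/^.*source=\(.*\)$/\1/p' | head -n 1
}

# Return 0 only when the verdict is "accepted" AND the source is one Apple
# itself assigns to a genuine Xcode. A counterfeit build redistributed from
# a third-party server will not carry any of these sources.
xcode_source_trusted() {
    case "$1" in
        *": accepted"*) ;;
        *) return 1 ;;
    esac
    src=$(spctl_source "$1")
    case "$src" in
        "Mac App Store"|"Apple"|"Apple System") return 0 ;;
        *) return 1 ;;
    esac
}

# Run the real assessment against an installed Xcode (macOS only).
# $1: path to Xcode.app, defaults to /Applications/Xcode.app (assumption).
check_xcode() {
    app=${1:-/Applications/Xcode.app}
    verdict=$(spctl --assess --verbose "$app" 2>&1)
    if xcode_source_trusted "$verdict" && codesign --verify --strict "$app" 2>/dev/null; then
        echo "OK: $verdict"
        return 0
    fi
    echo "WARNING: $app is not an Apple-signed Xcode: $verdict" >&2
    return 1
}

# Constructed sample verdicts for offline use (not captured from a real host).
SAMPLE_GOOD="/Applications/Xcode.app: accepted
source=Mac App Store"
SAMPLE_BAD="/Applications/Xcode.app: accepted
source=Unnotarized Developer ID"
SAMPLE_REJECTED="/Applications/Xcode.app: rejected
source=no usable signature"
```

Only a verdict that is both accepted and attributed to Apple passes; an accepted but differently sourced build, which is what a relabelled counterfeit would look like, is still reported as untrusted.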

What Does This News About the App Store Mean for You?

Unless you had some kind of interaction with the applications in question – which were mostly of Chinese origin – then you don’t have much to worry about. What is concerning is that hackers were able to take advantage of the Xcode development environment to do this sort of thing. Granted, the copied versions were not being distributed by Apple, but it does raise the question: Can this happen with official builds of Xcode?

Apple will say no, of course.

It just goes to show how far hackers are prepared to go in order to gain access to a system, no matter how secure it is. That’s why you should always practice safe browsing and usage habits.