Last week we reported how a number of malware-ridden apps were found on the Chinese version of Apple’s App Store. The iPhone-maker has since confirmed the offending apps have been removed. The malicious apps were reportedly created using a bogus version of Xcode (the developer tool for iOS apps) that snuck hidden, malicious features into genuine apps with a program called “XcodeGhost”. Curiously, a tactic also considered by the CIA at one point. Exactly how many apps were affected is unclear, but popular titles in the country like WeChat, and car-hailing app Didi Kuaidione are reported to be on the list. Security firm Qihoo360 Technology is reporting at least 344 were removed from the store.
What’s less clear is the impact to any users that were unlucky enough to download one of the infected apps while they were available. Palo Alto Networks Director of Threat Intelligence Ryan Olson claims the impact was likely negligible, with no reports data theft, or “other harm.” Olson also points out, perhaps the real concern is that this attack demonstrates that Apple’s App Store, and its famously rigorous approval process are far from immune to vulnerabilities, especially given that developers had no idea this was going on.
Via: The Guardian
Source: Reuters