Apple has pulled a number of malware-infected apps from the App Store after researchers uncovered a major security breach in China, the first to affect the App Store on a large scale.
The XcodeGhost malware is understood to have become embedded in a number of apps after legitimate app developers were convinced to use a fake version of Xcode, the software used to build apps for iPhone and Mac platforms.
The affected apps were widely used in China, and included ride-hailing app Didi Kuaidi, messaging platform WeChat, business card scanning app CamCard and a music app developed by internet portal NetEase.
Security researchers at a number of companies – including Alibaba Mobile Security and Palo Alto Networks – have been working with Apple to identify and take down the tainted software, and purge the internet of the compromised versions of Xcode, found to be hosted by Chinese web service Baidu.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” said Apple spokesperson Christine Monaghan in a statement.
“We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Palo Alto played down the impact on users, saying it had found no examples of any breaches down the line so far.
Nevertheless, the problem may yet be far more serious. According to Palo Alto, XcodeGhost can prompt fake user alerts to phish for passwords, and read and write clipboard data.
“We believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem,” said Palo Alto security researcher Claud Xiao.
Observers noted that the developers may have been tempted to use the XcodeGhost-infected version of Xcode because it was hosted in China, and therefore quicker and easier to download than the legitimate version. This raises concerns over the security of the app-development process, said Palo Alto.
Piers Wilson, head of product management at Huntsman Security, commented: “The success of the attack is another reminder that not all attacks are new hacking techniques or ultra-sophisticated malware, but often just exploit human nature.
“Developers who in all likelihood had no malicious intent were tricked into building malware into the otherwise legitimate apps they were creating.”