Apple is moving to clean up its official iOS App Store after malware affecting both iPhones and iPads was discovered in dozens of applications including WeChat, PocketScanner and WinZip.
Uncovered by security researchers at Palo Alto Networks, the malware, which has been dubbed XcodeGhost, spreads through a modified version of Xcode, the Apple developer tool used to build OS X and iOS applications.
“XcodeGhost’s primary behavior in infected iOS apps is to collect information on the devices and upload that data to command and control (C2) servers,” the research team said, according to a report on Reuters.
“The malware has exposed a very interesting attack vector, targeting the compilers used to create legitimate Apps. This technique could also be adopted to attack enterprise iOS apps or OS X apps in much more dangerous ways.”
According to Palo Alto, once the infected applications are downloaded, the malware can open websites specifically designed to infect the Apple device with viruses and can even attempt to extract further personal information from users via official-looking pop-ups.
“Since the dialogue is a prompt from the running application, the victim may trust it and input a password without suspecting foul play,” it said.
Apple confirmed to V3 it is now working with developers to ensure application security is restored and explained how it is moving to mitigate further attacks.
“A fake version of one of these tools was posted by untrusted sources which may compromise user security from apps that are created with this counterfeit tool,” said an Apple spokesperson.
“To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
The legitimate Xcode download, said to be 3.9GB in total, can take a significant amount of time to download on slower networks in countries such as China.
This indicates that some developers have been searching for and downloading Xcode from non-Apple sources and have ended up downloading the fake version of the platform, meaning their apps are, unknowingly, open to attack.
According to official reports, 39 apps have been affected. However, one Chinese security firm said it found 344 apps infected by XcodeGhost, although Apple has not yet confirmed the total number.
While many of the affected apps were based in China, the malware attack also impacted versions of WeChat, a very popular messaging app used worldwide.
WeChat confirmed in a blog post that a preliminary investigation revealed no theft or leakage of user data and said that it is now investigating.
“The WeChat tech team has extensive experience combating attempts to hack our systems. Once the security flaw was discovered, the team immediately took steps to secure against any theft of user information,” it said.
This marks the first large-scale attack on the official iOS App Store, with a total of just five malicious applications having been uncovered prior to this incident.
The findings also come just a few days after the new iOS 9 update was released, which has already been downloaded millions of times onto iPhones and iPads.