Apple has confirmed that its App Store has, in fact, been spreading apps with malicious code. This is the first-ever successful attack on the app marketplace.
In an article posted on the Palo Alto Networks website, the security firm said that it had found and removed several apps that included a malicious program called XcodeGhost.
XcodeGhost is, according to IOL, “a fake version of Apple's software development program Xcode – that hides malware in otherwise legitimate apps.”
The counterfeit program was used by developers to create their apps, which means average consumers have no meaningful way to tell the good apps from the bad.
Apple said a total of 39 iOS apps were affected, and IOL added that ride-hailing service Didi Kuaidi and chat app WeChat were among the infected ones.
The malicious code could prompt a fake alert dialog to phish user credentials; hijack the opening of specific URLs based on their scheme, which could allow for exploitation of vulnerabilities in the iOS system or other iOS apps; or read and write data in the user’s clipboard, which could be used to read the user’s password if that password is copied from a password management tool.
“Based on this new information, we believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem. The techniques used in this attack could be adopted by criminal and espionage focused groups to gain access to iOS devices,” Palo Alto Networks says.
Apple said it had removed the apps known to have been created with this counterfeit software.