Skip to main content

Apple removes several Chinese apps after App Store malware attack

Usually on the ball when it comes to security, Apple hit a major bump earlier this week, allowing 39 apps from China to be added containing malware.

The problems stem from a corrupt version of Xcode, known as XcodeGhost, which was apparently used by major development studios in China including Tencent and Didi Kuaidi.

US cyber security firm Palo Alto Networks was the first to discover the malicious software tacked onto the apps, downloaded by Chinese users millions of times.

“To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,” said Apple.

It is weird seeing major Chinese studios using a corrupt version of Xcode, usually found on torrenting sites. Xcode is available to developers for free, but there are some advantages to using forked versions that may offer additional content outside of Apple’s official boundaries.

Tencent has already added a new WeChat app without the infection, but we cannot help questioning how it got onto the app in the first place. The Chinese social giant has avoided answering that question, although they did confirm no information was stolen.

Apple also seems to be in a state of flux over news that some of its friends in the region aren’t using official programs. It is not the first time we’ve seen large scale malware issues in China either, showing the region still has a long way to go on the safety front.

The malware issues might turn Chinese users to other applications like WhatsApp and Uber, two competitors to WeChat and Didi Kuaidi, respectively. That’s if they’re reported in China, notorious for keeping Chinese company issues secret from the millions of people in the country.