Apple says App Store in China victim of major malware attack

21 Sep 2015

Apple was left scrambling to fix its App Store in China after it was found that a number of apps on the platform contained malware called XcodeGhost in what is one of the first major attacks against the App Store.

The attack against the App Store in China is unlikely to be well received by the Chinese government, which remains unfriendly towards the American company for hindering its own nation’s tech producers.

This particular attack from an unknown source is arguably one of the most potentially damaging to users of the iPhone as the XcodeGhost malware allowed it to collect significant quantities of customer data through some of the country’s most popular apps, according to Reuters.

These appear to include the enormously  popular WeChat app, the national Uber rival Didi Kuaidi, and the music app NetEase, but hundreds of other apps were also victims of the malware.

Apple has said that many legitimate app developers in China were duped into embedding the code into their apps by being prompted to use a well-made counterfeit version of its software development kit for app makers.

Malware has been removed

Chinese app developers were the ones largely susceptible to XcodeGhost malware because many app developers in the country use a Chinese server to download the necessary files, rather than going through the US portal.

Until now, it was believed that only five apps in Apple’s history had ever succumbed to malware, but this has now changed in a rather big way.

However, the company said that it has taken all the necessary steps to remove the malicious code form the App Store in China.

Responding to enquiries, Apple spokesperson Christine Monaghan said: “We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

Meanwhile, a Chinese security firm gave what it believed to be a total number of apps infected – 344 – but Apple has refused to comment on an exact number.

Shanghai Apple store image via Shutterstock

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com