South China Morning Post
Advertisement
Advertisement
WeChat
Get more with myNEWS
A personalised news feed of stories that matter to you
Learn more
The green WeChat icon is seen on an iPhone screen. The app is hugely popular, with half a billion users. Photo: Bloomberg
World

WeChat among China-linked apps infected with malware after first large-scale attack on Apple's App Store

Car-hailing service Didi Kuaidi also among hundreds of legitimate mobile apps involved in the store's first major infection, after developers inadvertently downloaded infected code from Chinese servers

WeChat
Reuters
Reuters
Why you can trust SCMP

Apple is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet – and hugely popular China-linked apps are among those infected.

Researchers said infected apps included Tencent Holdings Ltd’s popular mobile chat app WeChat, Chinese car-hailing app Didi Kuaidi and a music app from Internet portal NetEase Inc. WeChat has about half a billion users; it's not clear how many are using the infected version of the app.

Apple disclosed the cleanup effort on Sunday after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds of legitimate apps.

Read more: WeChat eyes lead role in 'internet of things' as Tencent's mobile messaging tool lures developers to its open hardware platform

Chinese security firm Qihoo360 Technology Co said on its blog that it had uncovered 344 apps tainted with XcodeGhost.

It is the first reported case of large numbers of malicious software programs making their way past Apple’s stringent app review process. Prior to this attack, a total of just five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc.

Watch: Apple on alert for Chinese malware in apps

The hackers embedded the malicious code in these apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple’s software for creating iOS and Mac apps, which is known as Xcode, Apple said.

The tainted version of Xcode was downloaded from a server in China that developers may have used because it allowed for faster downloads than using Apple’s U.S. servers, Olson said.

Read more: Chinese electronics giant Haier to open 1 million WeChat stores by 2016 as firm targets e-commerce

“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in an email. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

She did not say what steps iPhone and iPad users could take to determine whether their devices were infected.

Palo Alto Networks Director of Threat Intelligence Ryan Olson said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack.

Still, he said it was “a pretty big deal” because it showed that the App Store could be compromised if hackers infected machines of software developers writing legitimate apps. Other attackers may copy that approach, which is hard to defend against, he said.

“Developers are now a huge target,” he said.

Apple declined to say how many apps it had uncovered.

Read more: Apple to launch online payment service in China, has set up new company in Shanghai FTZ: report

Post