Modified versions of Xcode used to sneak malware into App Store, Apple confirms [u]
Apple on Sunday confirmed that hackers copied and altered its Xcode development software, using it to successfully infiltrate malware into the App Store.
"To protect our customers, we've removed the apps from the App Store that we know have been created with this counterfeit software," spokeswoman Christine Monaghan told the New York Times.
About 40 infected apps made it onto the App Store, according to security researchers with Palo Alto Networks. Some of the apps were extremely high-profile, including WeChat and a popular ridesharing service, Didi Kuaidi. Palo Alto said that it was working with Apple and developers to assess the impact of the security breach. Chinese security firm Qihoo claimed that over 300 apps were infected.
The modified versions of Xcode were hosted on cloud storage run by China's Baidu. Baidu has already deleted the offending software, and Apple told the Times that it's working with developers to make sure they're using an authentic Xcode release.
It's not clear how many people may have downloaded infected apps. The embedded malware can, however, launch websites that will download additional malicious code, or generate pop-ups asking people for sensitive data. Many of the sites collecting stolen data have been shut down.
Palo Alto noted that to get a modified version of Xcode, affected developers would've had to disable Apple security features. The hackers also appear to have exploited the tendency for Chinese developers to download Xcode from local servers, since connections to Apple servers can be much slower.
Apple has traditionally positioned its platforms as being more secure than Android or Windows. In fact, the strict rules and review process for the App Store have generally kept out most malware, but the size of this latest breach is unprecedented.
Update: WeChat developer Tencent noted to AppleInsider that a fixed version of the app, 6.2.6, is already out on the App Store.