In its attempt to purge the App store Apple has recently removed hundreds of malicious apps from its app store after identifying the first large scale attack on the platform. According to Apple, hackers modified the iOS apps developing tool called Xcode.
Apple initiated the process after the security firms reported their findings in which a malicious code was found embedded in legitimate iPad and iPhone apps.
As per Apple spokeswoman Christine Monaghan,
“To protect our customers, we’ve removed the apps from the App store that we know have been created with this counterfeit software.”
It is being rumored that hackers convinced some developers to use a modified version of Xcode to get faster software download as compared to Apple’s US based servers.
According to New York Times,
“After download the infected apps’ could trigger certain websites to open that subsequently further infect the phone; the code can also force pop-ups that request things like passwords. Reuter’s notes developers may have used the bad version of Xcode because it was held on a Chinese server and could possibly be downloaded faster than Apple’s version on US server.”
Apple has not revealed that how the infected version got approval from the security screening at the app store.
In an interview with Reuters, Ryan Olson, Director of threat intelligence, Palo Alto networks said that the malware has limited functionality and didn’t cause much harm. He also explained that the firm found no signs of data theft or other damage.
The infected apps, as per rumors, include car-hailing app Didi Kuaidi, WeChat and a popular music app from NetEase Inc. Apple though has not yet confirmed the number of apps it had uncovered and/or removed.
With a strict app review procedure already in place, this security breach is not a good news for Apple. Apple has reassured its users of no significant threat and has vowed to take preventive measures against such attacks in future.