Earlier today we reported that malicious apps had been found on the iTunes App Store, and that they seem to have originated from China. What was scary, however, was that some of these apps came from big-name developers such as Tencent, whose WeChat messaging app was one of the apps that contained malicious code.
The good news is that Apple has confirmed the discovery of the malicious apps and has since taken steps to remove them. According to Christine Monaghan, an Apple spokeswoman, “To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software.”
It should be noted that the infected apps might not have been uploaded on purpose. It seems that someone successfully tricked developers into downloading a compromised version of Apple’s developer tool kit. When used, it sneaked the malicious code into the app, which was then unwittingly posted onto the iTunes App Store.
So why would developers download a compromised developer tool kit? It would seem that in China it is normal practice to use copies of Apple’s Xcode that have been stored on local servers, as opposed to those that are directly available from Apple. This apparently has to do with the locally stored version loading faster, hence the preference.
Otherwise, according to Ryan Olson from Palo Alto Networks, Apple would have prompted a warning that there was something wrong with the tool kit. The infected apps had the potential to do a lot of damage, such as stealing iCloud passwords, prompting fake alerts, and sharing information about the device with the hackers. Unfortunately, it is unclear how many users might have been infected by this.