Beijing, China (BBN)-Apple has said it is taking steps to remove malicious code added to a number of apps commonly used on iPhones and iPads in China.
It is thought to be the first large-scale attack on Apple’s App Store, reports BBC.
The hackers had created a counterfeit version of Apple’s software for building iOS apps, which it persuaded developers to download.
Apps compiled using the software could steal data about the users and send it to servers controlled by the hackers.
In addition, the attackers could send fake alerts to infected devices to trick their owners into revealing passwords and other information.
The infected applications includes Tencent’s hugely popular WeChat app, a music downloading app and an Uber-like car hailing app.
Some of the affected apps – including the business card scanner CamCard – are also available outside China.
An Apple spokeswoman said apps created using the counterfeit software, XcodeGhost, had now been removed from the App Store.
“We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,” said Christine Monaghan.
On its official WeChat blog, Tencent said the security issue affects an older version of the app – WeChat 6.2.5 and the newest versions were not impacted.
It added that an initial investigation showed that no data theft or leakage of user information had occurred.
Cybersecurity firm Palo Alto Networks said on Friday that potentially hundreds of millions of users were impacted by the infected apps.
“We believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem,” the firm said on its website.
But Wee Teck Loo, head of consumer electronics at market research firm Euromonitor International, said he did not forecast a major impact on the sale of Apple products.
“It is definitely embarrassing for Apple but the reality is that malware is a persistent problem since the days of PCs and the problem will multiply as the number of mobile devices explodes from 1.4 billion units in 2015 to 1.8 billion in 2020,” he told the BBC.
In fact, consumers are less cautious on mobile devices than on PCs, he added.
“In emerging markets like China or Vietnam, mobile devices are their first connected product and security is taken for granted,” he said.
“Consumers in emerging markets are also less protective of privacy and security issues,” added Wee.
Earlier this month, login names and passwords for more than 225,000 Apple accounts were stolen by cyber-thieves in China.
It was uncovered by security firm Palo Alto Networks while investigating suspicious activity on many Apple devices.
It found a malicious software family that targets jailbroken iPhones.
The majority of people affected were in China.