Chinese apps behind Apple's iOS store attack

IANS New Delhi
Last Updated : Sep 21 2015 | 3:57 PM IST

Cupertino-based Apple on Monday said it was removing infected apps from its iOS store, which it claims were created using malicious or counterfeit code, affecting mostly Chinese apps.

"We've removed the apps from the App Store that we know have been created with this counterfeit software," Apple spokeswoman Christine Monaghan said in a statement.

According to experts, the malicious code, called XcodeGhost, was located in a Mach-O object file that was repackaged into some versions of Xcode installers. It affected mostly China-based apps like WeChat, Chinese taxi hailing app Didi Chuxing, train ticket purchasing app Railway 12306, and others including popular stock trading apps.

Almost 344 apps tainted with XcodeGhost were found on the store, Chinese security firm Qihoo360 Technology Co said on its blog.

"Keeping in mind Apple's stringent security standards and closed-interface software, the entry of the malicious code into several apps will make iOS users wary of app downloads from the store," Vishal Tripathi, director of research, Gartner India, said.

"Firstly, nowadays developers are a huge target and hence this mode of attack may have been used. If the app is compromised, then end-users will start getting affected," he said, adding that Apple must have put in place a way to check the veracity of apps on the iOS store.

Security firm Palo Alto Networks, which was the first to detect the malicious code, said XcodeGhost collects information on the devices running infected apps and uploads that data to command and control servers.

The collected information might include current time, current infected app's name, app's bundle identifier, current device's name and type, current system's language and country, current device's universally unique identifier (UUID) and network type.

UUID is an identifier standard used in software construction, represented as a 128-bit value. The code can also be used to get access to an infected user's iCloud account.

Tencent's WeChat, which was one of the affected apps, in a blog post said "a security flaw, caused by an external malware, was recently discovered affecting iOS users only on WeChat version 6.2.5."

"This flaw has been repaired and will not affect users who install or upgrade WeChat version 6.2.6 or greater, currently available on the iOS App Store," the blog post said.

"A preliminary investigation into the flaw has revealed that there has been no theft and leakage of users' information or money, but the WeChat team will continue to monitor the situation," the company said.


First Published: Sep 21 2015 | 3:46 PM IST
