Apple purges malware-infected apps from App Store

Developers had been duped into inserting apps with malicious code

Alas, Apple's walled App Store garden isn't that safe after all. It forced the company to purge the App Store of apps, all of which were commonly used on iOS devices in China. This is thought to be the first large-scale attack on its marketplace for apps.

What happened here? Basically attackers fooled developers into developing a fake version of the software used to create apps. Apps created by it would then be used by attackers to collect user data and send it to their own servers.

Security company Palo Alto was the first to sound the alarm about the malware dubbed XcodeGhost, which would also send fake alerts to devices to dupe users into surrendering personal information.

You're the type who saves logins and passwords on your phone? Well, rethink that. The malware could also be used to read clipboards on devices and potentially access those logins.

Among the infected apps were Tencent's WeChat app, the car hailing app from Didi Kuaidi and the NetEase music download app as well as the business card scanner CamCard. Apple has confirmed that the related apps have been removed.

WeChat has responded by saying that it had received no reports of users being compromised as yet, and that only an older version of WeChat had been affected. It looks like Apple's strict policing isn't quite enough even if, by and large, the App Store is less prone to malware-ridden apps than, say, Google's Play Store.

Unless you use apps from China, most users likely won't be affected by this but the era of being smug about iPhones being safer seems to have officially ended.

[Source:BBC]