Apple removes malware-infected apps that sneaked onto the App Store
By Tim Schiesser
Apple has removed a collection of malicious apps from the App Store after a strain of malware, known as XcodeGhost, made its way past the company's usually strict security and app review protocols.
The attackers behind the malware created a modified, counterfeit version of Apple's Xcode developer software and posted it online for developers to download and use. Some developers of legitimate apps mistakenly downloaded the malware-infected version of Xcode, which secretly embedded malicious code into the apps they were developing.
According to security firm Palo Alto Networks, XcodeGhost was able to prompt fake alert dialogs for phishing purposes; read and write data from the clipboard, which could be dangerous if the clipboard included a password copied from a password manager; and hijack the opening of URLs.
XcodeGhost is particularly dangerous because it managed to completely bypass Apple's iOS app review process. Apps published to the App Store that included the malicious code include the popular Chinese messaging app WeChat, Angry Birds 2, and the business card scanner CamCard, with over 300 apps suspected of being infected.
Apple has since removed all of the apps affected by XcodeGhost, and is working with the apps' developers to ensure all future apps are created using a legitimate version of Xcode, which is already available for free from Apple's website.