A sales assistant shows features of iOS 9 on an Apple iMac at an Apple reseller shop in Bangkok September 18, 2015.[Photo/Agencies] |
Apple Inc said the WeChat messaging application and car-hailing app DiDi Taxi were among the 25 most popular apps that were found to be infected with malicious software, the first-ever large-scale attack on its App Store.
The company had not previously disclosed which apps had been affected, although many had been identified by third parties.
Apple said on Sunday it was cleaning up its App Store after several cybersecurity firms reported that unknown hackers had embedded a malware, dubbed XcodeGhost, in hundreds, possibly thousands, of Chinese apps. "We have no information to suggest that the malware has been used to do anything malicious," Apple said in its XcodeGhost Q&A on Thursday.
Other infected apps include Baidu Inc's Baidu Music app, a music app from Internet portal NetEase Inc, and 58.com Inc's classified job, used cars and rent apps. Tencent Holdings Ltd owns WeChat.
This is the first reported case of a large number of malicious software programs making their way past Apple's stringent app review process.
Cybersecurity firm FireEye Inc said earlier this week that the security breach was much bigger than previously thought, affecting more than 4,000 apps on the App Store, compared with the earlier estimate of 39. Prior to this attack, a total of just five malicious apps had ever been found in the App Store, according to cybersecurity firm Palo Alto Networks Inc.
Apple said on Thursday it was working with developers to get the apps back on the App Store and was blocking new apps that contained the malware. It also said some of the affected apps could be fixed through updates. The hackers targeted the App Store using a counterfeit version of Xcode "toolkit", Apple's app-building software.
Many Chinese app firms downloaded the tainted software kit instead of the original one because of the slow download speeds from Apple's official servers located overseas.