Apple acknowledged today that the App Store was hit with a major malware attack, dubbed XcodeGhost. Although the company also confirmed that the infected apps have been removed from the App Store. But, if you want to know how this came to pass Apple's stringent code check and App Store guidelines, read on.
It wasn't the most sophisticated way of attack. Instead hackers duped developers into downloading "updated"/"modified" version of Apple's Xcode development suite. Xcode is a free development environment for developing iOS and Mac apps. Given that the software is free, its strange that developers would downloaded a malware infected version.
Nevertheless, when developers used this infested version of Xcode, the software injected XcodeGhost malware into the code which would have been a potential data gold-mine for these hackers. And we are not talking about noobs here, developers of popular apps like WeChat, CamCard, CamScanner, and Didi Chuxing were all duped into using modified Xcode.
Although Apple hasn't disclosed the total number of names of all affected, Palo Alto Networks, a security firm claims that as many as 39 apps were affected. Its good to see Apple getting on top of this quickly before the issue escalates further even though it might have already affected hundreds of millions of users, representatives said that all affected apps have been removed from the App Store and the company was talking to developers about using the official version of Xcode.
Source: Reuters
