Apple is trying to rid the App Store of hundreds of apps containing a malicious program called XcodeGhost, Reuters reports. The flaw was brought to Apple’s attention by several cybersecurity firms last week, including Palo Alto Networks, which claims that popular apps like Angry Birds 2 and WeChat have been built with a counterfeit version of Xcode downloaded from Chinese servers. The malware’s primary function is to collect information stored on devices and upload that data to remote servers, but it has also been found to prompt fake alerts to phish for passwords from users, hijack opening specific URLs, and read and write data into the user’s clipboard, allowing the malware to read a user’s password if it is copied from a password management tool.
Apple hasn’t commented on what iPhone and iPad users can do to determine which devices have been infected, but spokeswoman Christine Monaghan said, “We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.” So far that list doesn’t include popular apps like Angry Birds 2 or WeChat, which are still available in the App Store as of Monday morning. Angry Birds maker Rovio has also made no mention if the XcodeGhost bug, making the app’s inclusion on the list even more baffling. Palo Alto Networks Director of Threat Intelligence Ryan Olson said the firm had uncovered no clear cases of data theft or harm as a result of the attack so far, but that the attack is significant because it proved the App Store’s security can be compromised by infecting the machines of software developers writing legitimate apps. The full list of affected apps published by Palo Alto Networks (including titles translated from Mandarin by Business Insider) is listed below:
WeChat
Didi Chuxing
Angry Birds 2
NetEase
Micro Channel
IFlyTek input
Railway 12306
The Kitchen
Card Safe
CITIC Bank move card space
China Unicom Mobile Office
High German map
Jane book
Eyes Wide
Lifesmart
Mara Mara
Medicine to force
Himalayan
Pocket billing
Flush
Quick asked the doctor
Lazy weekend
Microblogging camera
Watercress reading
CamScanner
CamCard
SegmentFault
Stocks open class
Hot stock market
Three new board
The driver drops
OPlayer
Telephone attribution assistant
Marital bed
Poor tour
I called MT
I called MT 2
Freedom Battle