Apple was forced to remove several applications in the iOS App Store Sunday after sustaining its first massive security breach to date. The malware, which was found in several popular applications such as WeChat, originated from China and is said to steal data from users and forward them to servers controlled by hackers.
The malicious code is generated in several legitimate apps from developers fooled into using a modified version of Xcode, the software used to build iOS and Mac software, according to The Verge. This version is infected by the malware called XcodeGhost. The malware, besides phishing, could open URL as well as read and acquire clipboard data. This makes it a "very harmful and dangerous" code, according to security firm Palo Alto Networks.
"We've removed the apps from the App Store that we know have been created with this counterfeit software," Christine Monaghan, spokeswoman at Apple, told Reuters. "We are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps."
Aside from WeChat, which had been updated to a clean version on Sept. 12, other infected apps include Didi Chuxing, Uber's rival in China, and CamCard, among other popular apps that could reach as much as 39. So far, there is still no information whether the security breach has affected user data or to what extent.
For years, security has been one of Apple's value proposition for its consumers, with its representatives often calling rival platforms such as Microsoft and Android as hotbeds for viruses and malwares. The security breach is, therefore, significant. The App Store and the wider Apple ecosystem has been touted as very strict and effective in screening threats. So the question now is how did the XcodeGhost pass the gatekeepers at Apple, according to BBC.