Apple’s App Store faced its first major malware attack over the past several weeks. The attack, called XcodeGhost, spread when hackers distributed a tainted version of Xcode, the official software development tool for creating apps.
Legitimate developers unknowingly coded apps using the faulty version of Xcode, and the resulting tainted apps made their way into the App Store.
Apple was quick to rid the App Store of the offending apps, and released a statement to developers encouraging them to validate their current version of Xcode, and to only download official releases from Apple in the future. The malware originated in China, when many developers downloaded the faulty Xcode software from unofficial servers to receive higher download speeds than the Apple server offers in China. According to security firm FireEye, the malware affected some 4,000 apps, some of which are still present in the App Store in China.
Apple released a statement this morning on their website, providing information about XcodeGhost, how it works, and ensuring that, as far as the company knows, nothing malicious has been done with the information obtained by the malware.
The statement goes on to list the top 25 apps that have been affected by XcodeGhost, and urges users who downloaded the faulty apps to obtain an update as soon as possible.
The Top 25 Affected Apps are:
WeChat, Didi Taxi, 58 Classifieds, Gaode Map, Railroad 12306, Flush, China Unicom Customer Service, CarrotFantasy 2, Miraculous Warmth, Call Me MT2, Angry Bird 2, Baidu Music, DuoDuo Ringtone, NetEase Music, Foreign Harbor, Battle of Freedom, One Piece, Let’s Cook, Heroes of Order & Chaos, Dark Dawn, I Like Being With You, Himalaya FM, CarrotFantasy, Flush HD, and Encounter.
Users who download their apps mainly from the United States App Store aren’t likely to be affected by the malware. However, it’s always a good idea to make sure you keep your apps updated to avoid any type of security breach.