For as long as the iOS and Android fans have been trying to get the better of each other, the one argument I’ve heard from Apple fanboys is “iOS is safer and the store isn’t full off malware.” Now however, that’s all changed as Apple has been busy removing apps filled with malware in the first major attack on the App Store.
It seems many popular apps have become infected with malicious code which could, according to security firm Palo Alto Networks, prompt fake alerts to get hold of users details, hijack URLs, as well as read and write data – something you really don’t want to happen to your phone.
Apps such as WeChat, Chinese cab service Didi Kuaidi, and card scanning tool CamCard have become infected with the code which seems to have originated from XcodeGhost, a fake counterfeit version of Apple’s Xcode software used to build iOS and Mac apps.
Speaking to Reuters, an Apple spokesperson said:
We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.
According to Palo Alto, it seems impatient developers are to blame for the malware outbreak as the XcodeGhost software, which is stored in a server in China, was quicker to download than Xcode, which is typically stored in a sever in the US. Fortunately, the security firm has noted that they’ve detected no evidence of theft or fraud from this code.
What’s most worrying about this is that it somehow managed to sneak past Apple’s rigorous code review protocol, and could open a door to other attempts to infect popular apps.