Hackers have infiltrated some of the most popular Apple iPhone and iPad applications, infecting them with malicious software and potentially accessing private user data and passwords.
The infected apps can transmit information about a user’s device, prompt fake alerts that could be used to steal passwords to Apple’s iCloud service, and read and write information on the user’s clipboard, according to Business Spectator.
In China, more than 300 iPhone and iPad apps were infected with the ‘XcodeGhost’ malware, including popular instant messaging service WeChat and ride-hailing app Didi Kuaidi, Chinese state-run media said.
Apple said in a statement on Monday (local time) it had since removed the tainted applications from its App Store, days after security researchers revealed the breach.
This comes as a huge blow to the US company, with China being its second-largest market.
“To protect our customers we’ve removed the apps from the App Store that we know have been created with this counterfeit software, and we are working with the developers to make sure they’re using the proper version of (Apple software) Xcode to rebuild their apps,” Apple told AFP.
The attack affected more than three dozen apps, Business Spectator reported.
Late last week, Palo Alto Networks said the attack was the first of its type directed at Apple’s iOS mobile operating system.
It was unable to comment whether the Chinese Government was behind the attack.
Palo Alto Networks warned users of any future attacks.
Security researcher Claud Xiao wrote on the website on Friday: “criminals and spies could use the malware to gain access to iOS devices”.
“We believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem,” he said.
– with AAP