Apple has removed a number of apps from the App Store after news broke that hackers had found a way to distribute malware through those apps without the knowledge of the app publishers. It’s unknown how many users downloaded the apps before Apple took action.
Hackers found a backdoor into the App Store by adding malicious code to Xcode, a collection of software development tools used by programmers to build apps for iPhones and iPads. Apple typically distributes Xcode itself, but popular new releases can lead to long download times. That’s why developers at times redistribute these kinds of tools to help each other to faster downloads. Hackers apparently did just that — but not before modifying Xcode to add malware to any app compiled with it.
Security research company Palo Alto Networks first published a report about the problem on Friday, initially writing that likely a few dozen apps were infected by the malware, and estimating that it could affect “hundreds of millions of users.” At the time, it looked like the problem was mostly affecting Chinese apps.
However, a Dutch security company followed up with its own investigation, identifying dozens of additional apps. Some of those apps, while developed in China, have international audiences, including the popular messaging app WeChat and business card scanner CamCard.
Some of the affected companies have since replaced their apps; Tencent, the maker of WeChat, has asked users to update their apps, according to a New York Times report. Some other apps, including the file archival tool WinZip, remain unavailable on the app store.