A large-scale cyberattack had been carried out on the Apple's iOS App Store, infecting several major apps that were later removed from Apple's servers. The flaw was initially spotted by Palo Alto Networks on September 17. The security firm states that the breach could impact “hundreds of millions of users.”
The malware, dubbed XcodeGhost, managed to get to the App Store through the official developers, who were convinced to use a modified version of the software (Xcode) used for creating iOS apps. The embedded malware code could then be used by an attacker to monitor a user's clipboard, steal credentials by prompting a fake dialogue alert and open URLs. On the whole, Apple identified 39 apps as infected. Most of the apps were of Chinese origin, but such popular applications as WeChat 6.2.5 and CamCard were also on the list. The latest version of WeChat is said to be safe. The infected apps were removed from the App Store shortly, but, according to Reuters, the number may be much bigger (up to 344). A spokesperson for Apple told the Reuters that the company is “working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."
Palo Alto Networks says that this was the first large-scale attack that made its way through the Apple's security algorithms. So, if you have any old apps, be sure to update them as soon as possible.