The malware breach of Apple's App Store was 10 times worse than thought, according to a computer security firm that says it found 4,000 infected apps.
California-based FireEye Inc. said in a statement that after learning of the App Store vulnerability, which was made public earlier this week, its researchers "identified more than 4,000 infected apps" among the offerings for iPhones, iPods and iPads.
"The malicious apps steal device and user information," the company said.
- Apple confirms XcodeGhost malware found in several apps
- Malware-infected apps found in Canadian App Store
Previously, Chinese security firm Qihoo360 said it had found 344 apps tainted with the so-called XCodeGhost malware.
The WeChat messaging app, the car-hailing service DiDi Taxi, and music apps from Baidu Inc. and internet portal NetEase are among those researchers have identified as affected.
Hackers embedded malicious code in the apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple's software for creating iOS and Mac apps, which is known as Xcode, Apple said.
China's firewall at issue
The tainted version of Xcode was downloaded from a server in China that developers in the country may have used because it allowed for faster downloads than using Apple's servers in the U.S. Because of China's internet firewall, it can take up to three times longer for developers there to download XCode from Apple's American servers, compared with 25 minutes for domestic downloads from within the U.S., company executive Phil Schiller said this week.
It is the first reported case of large numbers of malicious software programs making their way past Apple's stringent app review process. Prior to this attack, a total of just five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc.
Apple said it was working with developers to get the cleaned-up apps back on the App Store and was blocking new apps that contained the malware.
"We have no information to suggest that the malware has been used to do anything malicious," Apple said in its XcodeGhost Q&A web page.