Apple App Store security breach 10 times bigger than thought, firm says

The malware breach of Apple's App Store was 10 times worse than thought, according to a computer security firm that says it found 4,000 infected apps.

Researchers at FireEye find 4,000 apps infected with XcodeGhost malware

In the first large-scale breach of Apple's App Store, hackers embedded malicious code in what is now thought to be 4,000 iOS apps by tricking software developers. (Dan Kitwood/Getty Images)

California-based FireEye Inc. said in a statement that after learning of the App Store vulnerability, which was made public earlier this week, its researchers "identified more than 4,000 infected apps" among the offerings for iPhones, iPods and iPads.

"The malicious apps steal device and user information," the company said.

Previously, Chinese security firm Qihoo360 said it had found 344 apps tainted with the so-called XcodeGhost malware.

The WeChat messaging app, the car-hailing service DiDi Taxi, and music apps from Baidu Inc. and internet portal NetEase are among those researchers have identified as affected.

Hackers embedded malicious code in the apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple's software for creating iOS and Mac apps, which is known as Xcode, Apple said.

China's firewall at issue

The tainted version of Xcode was downloaded from a server in China that developers in the country may have used because it allowed for faster downloads than using Apple's servers in the U.S. Because of China's internet firewall, it can take developers there up to three times longer to download Xcode from Apple's American servers than the 25 minutes a domestic download takes within the U.S., company executive Phil Schiller said this week.

It is the first reported case of large numbers of malicious software programs making their way past Apple's stringent app review process. Prior to this attack, a total of just five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc.

Apple said it was working with developers to get the cleaned-up apps back on the App Store and was blocking new apps that contained the malware.

"We have no information to suggest that the malware has been used to do anything malicious," Apple said in its XcodeGhost Q&A web page.

With files from Reuters and The Canadian Press

