Apple has confirmed reports of an Apple App Store hacker attack that infected close to 40 apps with malware. Although the number of infected apps seems small, the attack could potentially affect the millions of iPhone and iPad users who may have downloaded them. It is believed the hackers used a developer tool known as XcodeGhost Malware to circumvent Apple’s strict approval testing to alter or infect more than three dozen legitimate applications in the App Store.
Apple moved swiftly to remove the infected apps following the discovery of the malware and has said it is monitoring the situation closely to prevent similar attacks. Online security companies investigated the malware and discovered that infected apps prompted users to enter information, were able to read and write a device’s clipboard, and opened websites that contained even more malicious code.
Palo Alto Networks, an internet security firm that analyzed the malicious code, concluded that the unprecedented attack included very harmful and dangerous malware that could be used by criminal and espionage groups to infiltrate iOS devices. With the ability to prompt a fake dialogue box requesting a user’s iCloud password, the security risks are enormous and owners of Apple devices will be right to be worried.
A Wake-up Call for Both Enterprise and Individual Apple Users
The technology industry has been shaken by news of the attack given the App Store’s previously robust security record. Speaking to the New York Times, Gary Steele, the CEO of Proofpoint Inc., a cyber-security company, had this to say: “I think it’s a wake-up call . . ., for both enterprises and individual users.” Some media reports have mentioned numbers of more than 300 infected apps, but the Cupertino tech Giant has only confirmed 39.
The infected include some of the world’s best-known applications, including a small number of popular apps in China such as WeChat and Didi Kuaidi. The attack has raised industry concerns about the vulnerability of users to malicious code in otherwise trusted content. Apps infected with malware are capable of stealing sensitive user information such as their login credentials, emails, and contacts.
Security experts are now encouraging device owners to carefully research apps before downloading them. Apple will have to work hard to reassure users and prevent similar attacks from happening in the future.