While Apple’s notoriously restrictive approach to apps has typically been thought to make malicious software on the platform next to impossible, security researchers recently identified dozens of apps containing malware in the App Store.
SEE ALSO: Apple removes apps after App Store hit with first major malware attack
The malware, called XcodeGhost, was first publicized by security researchers at Palo Alto Networks, who discovered the infected apps. The exploit puts quite a bit of personal and device information at risk, including your Apple ID and iCloud password, the contents of your device’s clipboard and your device’s name, type, and UUID (universally unique identifier).
The malware stems from a modified version of Xcode — that’s the set of software tools Apple provides to developers to create iOS apps — that contained malware. Though this was not the official version of Xcode provided by Apple (more on that later), the infected apps managed to make their way through Apple’s review process and into the App Store.
How bad is it?
While Palo Alto Networks’ Ryan Olson told Reuters they hadn’t found evidence the malware had been used to steal user information, the exploit is far reaching.
It’s hard to say exactly how many apps have been infected. Initially, Palo Alto Networks identified two infected apps but later increased that number to 39. The list included some of the most popular apps in China like WeChat, Angry Birds 2 (Rovio has said only the Chinese version was affected), Didi Chucking (a Chinese ride-hailing apps), Railway 12306 (the country’s official app for buying train tickets) and China Unicorn Mobile Office (made by one of the most popular carriers), according to the firm.