Belfast Telegraph

UK Website Of The Year

Home News World

Apple's App Store hit by malicious software breach in China

Published 21/09/2015

Some apps on the Apple App Store in China have been removed due to malware issues
Some apps on the Apple App Store in China have been removed due to malware issues

Apple has removed some applications from its App Store after developers in China were tricked into using software tools that added malicious code in an unusual security breach.

Apple gave no details of which companies were affected. But Tencent said its popular WeChat app was affected and the company released a new version after spotting the malicious code.

Chinese news reports said others affected included banks, an airline and a popular music service.

The malicious code spread through a counterfeit version of Apple's Xcode tools used to create apps for its iPhones and iPads, according to the company.

It said the counterfeit tools spread when developers obtained them from "untrusted sources" rather than directly from the company.

The malicious software collects information from infected devices and uploads it to outside servers, according to Palo Alto Networks, a US-based security firm.

It was first publicised last week by security researchers at Alibaba Group, the e-commerce giant, who dubbed it XcodeGhost.

The creators of the malware took advantage of public frustration with Beijing's Internet filters, which hamper access to Apple and other foreign websites.

That prompts some people to use copies of foreign software or documents that are posted on websites within China to speed up access.

"Sometimes network speeds are very slow when downloading large files from Apple's servers," wrote Claud Xiao, a Palo Alto Networks researcher, on its website.

Due to the large size of the Xcode file, "some Chinese developers choose to download the package from other sources or get copies from colleagues".

Companies with apps that were affected include taxi-hailing service Didi Kuaidi, Citic Industrial Bank, China Southern Airlines and the music service of NetEase, a popular Web portal, according to the newspaper Yangcheng Evening News.

The incident is the only the sixth time malicious software is known to have made it through Apple's screening process for products on its App Store, according to Xiao.

Your Comments

COMMENT RULES: Comments that are judged to be defamatory, abusive or in bad taste are not acceptable and contributors who consistently fall below certain criteria will be permanently blacklisted. The moderator will not enter into debate with individual contributors and the moderator’s decision is final. It is Belfast Telegraph policy to close comments on court cases, tribunals and active legal investigations. We may also close comments on articles which are being targeted for abuse. Problems with commenting? customercare@belfasttelegraph.co.uk

Read More

From Belfast Telegraph