As you may have heard, Apple has pulled a number of apps made by Chinese developers from the App Store – among them WeChat, Didi and China Unicom – because they contain malicious code that could be used to steal data from users.
Apple has famously rigorous standards to ensure iOS apps are safe, so this major breach is considered the first large-scale attack on the App Store.
How did this happen?
The infected apps were all made with a counterfeit version of Apple’s Xcode, a software development tool used to make iOS apps. Most app developers download the official Xcode software from Apple’s website – but as we all know too well from painful experience, downloading files in China from overseas servers can be very time consuming indeed. It’s likely that Chinese app developers downloaded the counterfeit version of Xcode – which the hackers had put on Chinese servers and distributed on Chinese websites– simply to save themselves some mafan.
Which apps are affected?
China’s state-run broadcaster CCTV puts the total number of affected apps at around 350. They include some of China’s most popular apps from some of the country’ biggest and most trusted names, among them:
· WeChat
· Popular car-hailing app Didi Chuxing
· Official train ticket booking app 12306
· Gaode map app
· NetEase’s music app
· China Unicom’s account management app
· CITIC banking app
What does the malware do?
A number of capabilities have been ascribed to the malware that would potentially allow the hackers to do the following:
· Steal user data
· Steal logins and passwords
· Open dangerous websites
· Push ads and fake alerts to devices
Who’s behind the attack?
On Sunday, a Weibo account named XcodeGhost-Author claimed responsibility and apologized, saying the malware was an “accidental discovery” that was distributed as “a one-time, mistaken experiment.”
According to the Wall Street Journal:
“The message said the user inserted code that would have allowed the pushing of ads to devices but that the function was never exploited. The message added that the malware collected only basic data. ‘And 10 days ago, I actively shut down the server and deleted all the data, so it will not have any effect on anyone,’ it said.”
Of course, it’s not possible to verify if the message really came from the hackers, or how innocent their intentions really were.
Should I be worried?
At this point, it’s difficult to be sure whether or not malicious hackers have obtained the kind of data (personal information, passwords, photos and so on) that you should be worried about. Having said that, there’s probably no need to panic. Per China Digital Times:
“According to [security firm] Palo Alto Networks’ technical analysis, the currently compromised apps gather mostly innocuous data including the time; infected app’s name and bundle identifier; the name, type, UUID, and language and country settings of the device; and the type of network to which it is connected.”
Security researcher Charlie Miller agrees, telling Wired: “I wouldn’t worry too much” because “the apps that did get through didn’t seem to do any really nasty stuff.”
It’s still advisable to remove any affected apps from your phone just in case.
So… I should uninstall WeChat from my iPhone?
The thought that you might have to abandon your epic collection of stickers and resort to communicating with friends via actual text – as in words in an SMS like it’s 2012 or something – might be too much for some. The good news – if you trust Tencent – is WeChat claims the malware was only detected on an old version (WeChat v. 6.2.5), and as long as you install or upgrade to the latest version (6.2.6), currently available in the App Store, you’ll be fine. They also say, “A preliminary investigation into the flaw has revealed that there has been no theft and leakage of users’ information or money, but the WeChat team will continue to closely monitor the situation.”
This story orgininally appeared on That's