Hackers have carried out a major attack on Apple’s App Store for the first time.
After cyber security firm Palo Alto Networks reported that nearly 40 apps up were infected with malicious code, Apple acknowledged the hack and said it had been resolved, as Reuters reports.
The hack seems to be targeted at China, with hackers providing an infected version of Apple’s software, known as Xcode, for creating iOS apps to developers.
The apps that were made with this software could open other websites to spread the virus and create pop-up screens asking for personal information like passwords.
An Apple spokesperson tells Reuters the App Store is now safe.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” the spokesperson says.
“We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
It’s the first time there has been a major breach of Apple’s apparently stringent review process, and although there doesn’t seem to have been any real damage caused by the attack, it’s a sign of its vulnerabilities.
“Developers are now a huge target,” Palo Alto Networks director of threat intelligence Ryan Olsen tells Reuters.
Some developers in China download the app-making software from other sources as it can take a long time through Apple.
The hack led to many very popular apps being infected, including Chinese ride-sharing startup Didi Kuaidi and global instant-messaging service WeChat.
The malicious code seems to be removed when the apps are updated.
Palo Alto Networks’ Claud Xiao says in a blog post that these are “unprecedented attacks”.
“The techniques used in this attack could be adopted by criminal espionage-focused groups to gain access to iOS devices,” Xiao says.
This article was first published on StartupSmart.
COMMENTS
SmartCompany is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while it is being reviewed, but we’re working as fast as we can to keep the conversation rolling.
The SmartCompany comment section is members-only content. Please subscribe to leave a comment.
The SmartCompany comment section is members-only content. Please login to leave a comment.