Tainted Xcode IDE Tricks Apple Developers to Submit Malicious Apps in App Store

Apple’s App Store has been riddled with malware following a large-scale attack caused by malicious code, dubbed XcodeGhost, embedded in legitimate applications.

By tricking legitimate developers to download a tainted version of Apple’s Xcode IDE (integrated development environment) – used to make app development easier – attackers were able to embed their own malicious code in legitimate apps and use them to either steal users’ passwords or other personal information.

The tainted Xcode software was hosted on a Chinese server and developers allegedly chose to download this version because it took too long to download the official version from Apple’s own servers. Researchers identified 39 malicious apps, one of which attempted to grab users’ iCloud passwords.

WeChat, a popular Chinese application with more than 500 million users, has been reportedly infected by the malware, but the issue was quickly fixed after an update released two days after the tampered version was uploaded in the marketplace. The company said no sign of “theft and leakage of users’ information or money,” was reported following this incident.

The malicious applications have since been removed from Apple’s marketplace, and company spokeswoman Christine Monaghan said they’re working with developers to rebuild affected apps and make sure they’re using the right software to do it.

“We’ve removed the apps from the app store that we know have been created with this counterfeit software,”said Monaghan. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

Although Apple has declined to make any comments as to how many marketplace applications have actually been found infected with XcodeGhost, developers are encouraged to only download and use official tools, as it seems their legitimate applications can be hijacked to perform malicious actions.