Skip to main content

Apple cleans up iOS store after major malware security breach

iOS 9 Hands On
Malarie Gokey/Digital Trends
Although it has its detractors, Apple’s closed ecosystem has helped it to maintain strict control over its iOS App Store, with stringent checks working to eliminate malware from making it into the store.

In recent days, however, a number of security firms have uncovered the existence of infected iPhone apps in the iOS store in what looks to be the biggest security breach in the store’s seven-year history.

Related Videos

Security firm Palo Alto Networks (PAN) said it’d so far uncovered 39 infected apps “potentially impacting hundreds of millions of users” in multiple countries. It described the malicious software as “a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem.”

PAN’s analysis of the malware revealed it’s capable of, for example, prompting fake phishing alerts to grab user credentials, as well as reading and writing data in the user’s clipboard, which could be used to obtain password information if such data is copied from a password management tool.

In a statement obtained by Reuters, Apple spokesperson Christine Monaghan said, “We’ve removed the apps from the App Store that we know have been created with this counterfeit software.”

Affected software includes leading Chinese messaging app WeChat and China-based Uber competitor Didi Kuaidi. WeChat said in a blog post the malware had been discovered in an earlier version of its app and so iOS users should ensure they have the latest malware-free version on their device.

It seems hackers targeted Chinese developers in their effort to get the malware into apps and onto the App Store. This was done by getting developers to use a tainted version of Apple’s app development tool, called Xcode.

Without realizing, developers using the tainted software, dubbed XcodeGhost, were incorporating malware into their apps before submitting them to the App Store. Apple’s own checking procedures failed to spot the malicious software, allowing infected apps into the App Store for iPhone, iPad, and iPod Touch users to download.

With Apple proud of its reputation for security when it comes to its iOS app store, the incident will be a matter of concern – and embarrassment – for the company. Apple said on Sunday it’s warning iOS developers to obtain Xcode only from its own site, rather than from third-party sources, which seems to have been the case here.

Editors' Recommendations

The one thing the iPhone 14, Galaxy S23, and Pixel 7 all get wrong
Apple iPhone SE (2020) being plugged in to charge.

At Mobile World Congress (MWC) this year, new smartphones broke cover as one would expect. I won't bore you with all the details; Digital Trends' Joe Maring and Jacob Roach wrote an excellent roundup of all the best MWC 2023 announcements already.

One key quality-of-life-improving feature we picked up on as a theme was charging speed. Apple, Samsung, and Google, the mainstream phone brands by coverage (even if not all by sales), stick to a fast-charging average speed of just over an hour — even with the latest iPhone 14, Galaxy S23, and Pixel 7. By comparison, a phone from Xiaomi, Oppo, or OnePlus can get you moving in 30 minutes or even less. It's time to demand more from our phones.
Fast charging exists — just not for you

Read more
I created the perfect iPhone home screen — and you can too
iPhone 14 Pro with custom home screen icons and widgets

With iOS 14, Apple began to open the floodgates for software customization on the iPhone. For the first time, you could add widgets to the home screen and even change app icons to custom ones without the need for a jailbreak. And iOS 16 gave us some more customization options in the form of the lock screen, although the interface for that is su-par, to say the least.

While I see a lot of people still use a stock grid layout on their home screen, I took some time when iOS 14 first came out to customize my iOS experience. I enjoy that it’s not just a boring grid of stock icons — having custom icons and widgets really mix things up a bit and gives me a more informative home screen.

Read more
Will my phone automatically change for daylight saving time?
The iPhone 14 Pro's Dynamic Island showing the timer and music playing.

Like it or not, it's that time of year again — time for daylight saving time. On Sunday, March 12, at 2:00 a.m. (local time), the majority of people in the United States will be "springing forward" and setting their clocks ahead by an hour. Along with losing an hour of sleep, it also poses an important question: will your phone automatically change for daylight saving time?

It's a question that applies regardless of which phone you have. Whether you're rocking an iPhone 14 Pro, a Samsung Galaxy S23 Ultra, or any other smartphone, it's important to know whether or not you need to change it for the new time.

Read more