Apple App Store Hack 2015: Here's What You Need to Know About the App Store Hack

Apple App Store Hack 2015: Here's What You Need to Know About the App Store Hack
Source: AP
Source: AP

Apple is pulling dozens of popular apps from the iTunes Store following a massive attack that unfolded over the weekend. Security researchers from Palo Alto Networks, a security company based in Santa Clara, California, discovered the data hack, CNN Money reports

In total, hackers compromised 39 iPhone and iPad apps with malware capable of tricking users into disclosing iCloud passwords or clicking on virus-injecting URLs. Dubbed XcodeGhost, security researchers believe the malware could have affected hundred of millions of users, according to Palo Alto Networks

"We believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple's code review and made unprecedented attacks on the iOS ecosystem," reads a report from Palo Alto Networks. "The techniques used in this attack could be adopted by criminal and espionage focused groups to gain access to iOS devices."

This hack's common thread is China, CNN Money reports. All of the apps affected by the attack were developed in China and use a modified version of Apple's software development kit called Xcode, which offers developers a toolset to build apps for iOS.

WeChat, the ever-popular Chinese messaging app that hosts 600 million users, was among the infected apps. In a blog post, WeChat said the security flaw had been resolved and urged users to upgrade to the app's latest version.

"A preliminary investigation into the flaw has revealed that there has been no theft and leakage of users' information or money, but the WeChat team will continue to closely monitor the situation," WeChat wrote in its blog post

Apple said it has also taken steps to protect app users from the hack. "We've removed the apps from the App Store that we know have been created with this counterfeit software," Apple said in a statement to Reuters. "We are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps."

Other compromised apps include taxi-hailing app Didi Chuxing, train ticket vendor app Railway 12306 and China Unicom Mobile Office.