Apple has announced that its China App Store had a security vulnerability resulting in fake copies of the tech giant's Xcode development tools infecting mobile apps. The tech giant is now removing the software applications that the hack affected.
When app developers used phony versions of Xcode, they were unaware they were submitting software containing malicious code along with their apps. The counterfeit Xcode version is known as XcodeGhost.
Apple noted in a statement that it has removed apps from the Apple Store that were made using the counterfeit software. Spokeswoman Christine Monaghan stated in an email that it is taking steps to ensure that developers use authentic Xcode versions to rebuild their app software.
Xcode tools are free downloads in the Mac App Store. Developers in China might have been tricked into using the fake software because it was faster to download.
A Chinese security firm reported that it uncovered 344 apps infected by XcodeGhost software. The malware sends fake alerts, reads and writes on the user's clipboard, transmits devices' info to the hackers, and starts phishing attacks to steal passwords, according to Uber Gizmo.
Infected apps included the popular WeChat app. It has become one of China's most popular messaging apps, and has the potential to overtake WhatsApp. However, the app's creator has announced that version 6.2.6 and higher were unaffected by the hack, according to 9 to 5 Mac.
Apple recommended that iPhone and iPad users update their apps to the latest versions. They should also change account passwords, such as for iCloud.
Apple created Xcode for developing software for iOS and OS X. It was released this month.