iPhone hack shock - are you exposed?

Rights, Scams and Politics

Updated on 21 September 2015 | 0 Comments

Apple confirms attack on iOS App Store, which may have affected millions.

A malicious program embedded in hundreds of legitimate apps available in Apple’s iOS App Store may have affected hundreds of millions of users.

Cyber security firm Palo Alto Networks said on Friday that its threat intelligence team, Unit 42, found that a piece of malware had infected 39 apps on the App Store.

This includes the popular messaging app WeChat, which boasts ‘a half billion’ users on the front page of its website. It is most widely used in China and South East Asia.

The malware, XcodeGhost, was embedded in a counterfeit version of Apple’s official development tool, Xcode, and then uploaded to a Chinese cloud file sharing service. It was then inadvertently downloaded by some developers who were trying to get hold of the official development environment, named Xcode.

It may be that developers were downloading the tools from this third-party source because it was faster than using Apple’s servers.

While the affected apps were developed in China, some of them are available in other countries. A full list of infected apps has been posted by a staff member on the MacRumors forums.

WeChat responded to the incident on its blog, saying that the flaw has now been repaired and only affected users of version 6.2.5 for iOS. It said that the breach would not affect users who upgrade to version 6.2.6 or greater.

An Apple spokesperson said that all infected software had now been removed from the App store. It is now working with developers to ensure that they’re using the proper software to rebuild their apps.

What to do if your device has been infected

Infected apps can record information about your device’s system, and the attacker can send prompts to users to phish for their personal details including passwords.

It’s therefore really important that you uninstall any affected iOS apps (check the list here) that you may have installed, or update to a version that has been confirmed as malware-free by the developer. If you believe you may have been affected by the breach, it would also be wise to change any passwords you have inputted on your device as soon as possible.

Check your credit report for free

More on scams

The scams fooling experienced investors

New DVLA driving licence scam email warning

Latest bank data theft: are you affected?

Comments

Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.

 

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service provider. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the products.