Apple withdraws some China apps after malware found

BEIJING (AP) — Apple Inc. has removed some applications from its App Store after developers in China were tricked into using software tools that added malicious code in an unusual security breach.

Apple gave no details of which companies were affected. But Tencent Ltd. said its popular WeChat app was affected and the company released a new version after spotting the malicious code. Chinese news reports said others affected included banks, an airline and a popular music service.

The malicious code spread through a counterfeit version of Apple’s Xcode tools used to create apps for its iPhones and iPads, according to the company. It said the counterfeit tools spread when developers obtained them from “untrusted sources” rather than directly from the company.

The malicious software collects information from infected devices and uploads it to outside servers, according to Palo Alto Networks, a U.S.-based security firm, which investigated the malware. It was first publicized last week by researchers at Alibaba Group, the e-commerce giant, who dubbed it XcodeGhost.

Cybersecurity experts say the episode shows that any device, including those running Apple’s iOS software, can be vulnerable to hackers even though Apple is known for rigorously scrutinizing apps that are offered in its store.

“I wouldn’t say that the floodgates for iOS malware are open now, but this vector is probably something that other attackers are going to try to replicate in the future,” said Ryan Olson, director of threat intelligence for Palo Alto Networks, in an interview. He said Apple is undoubtedly working on improving its ability to block similar attempts.

Hackers are increasingly looking for new ways to target mobile apps and devices, including iPhones, because they are so widely used by many consumers, added Darren Hayes, a cyber-security expert at Pace University in New York.

The creators of this malware took advantage of public frustration with Beijing’s Internet filters, which hamper access to Apple and other foreign websites. That prompts some people to use copies of foreign software or documents that are posted on websites within China to speed up access.

“Sometimes network speeds are very slow when downloading large files from Apple’s servers,” wrote Claud Xiao, a Palo Alto Networks researcher, on its website. Due to the large size of the Xcode file, “some Chinese developers choose to download the package from other sources or get copies from colleagues.”

Companies with apps that were affected include taxi-hailing service Didi Kuaidi, Citic Industrial Bank, China Southern Airlines and the music service of NetEase, a popular Web portal, according to the newspaper Yangcheng Evening News.

The incident is the only the sixth time malicious software is known to have made it through Apple’s screening process for products on its App Store, according to Xiao.

___

AP Technology Writer Brandon Bailey in San Francisco contributed to this report.

More in News

Drag queen Gigi Monroe reads a book about a wig during Drag Storytime at the Mendenhall Valley Public Library. (Ben Hohenstatt / Juneau Empire)
One for the books: Drag Storytime returns

Balloons, books, bustin’ moves.

FILE - Tara Sweeney, a Republican seeking the sole U.S. House seat in Alaska, speaks during a forum for candidates, May 12, 2022, in Anchorage, Alaska. Sweeney's campaign manager said, Wednesday, June 22, 2022, that the campaign did not plan to sue over a finding released by Alaska elections officials stating that she cannot advance to the special election for U.S. House following the withdrawal of another candidate. (AP Photo / Mark Thiessen, File)
Alaska Supreme Court ruling keeps Sweeney off House ballot

In a brief written order, the high court said it affirmed the decision of a Superior Court judge.

President Joe Biden signs into law S. 2938, the Bipartisan Safer Communities Act gun safety bill, in the Roosevelt Room of the White House in Washington, Saturday, June 25, 2022. First lady Jill Biden looks on at right. (AP Photo / Pablo Martinez Monsivais)
President signs landmark gun measure, says ‘lives will be saved’

The House gave final approval Friday, following Senate passage Thursday.

Three people were arrested over several days in a series of events stemming from a June 16 shoplifting incident, with a significant amount of methamphetamine seized. (Michael Penn / Juneau Empire)
Shoplifting investigation leads to arrests on drug charges

Significant amounts of drugs and loose cash, as well as stolen goods, were found.

Ben Gaglioti, an ecologist at the University of Alaska Fairbanks, stands next to a mountain hemlock tree damaged in winter on the outer coast of Glacier Bay National Park in Southeast Alaska. (Courtesy Photos / Ned Rozell)
Alaska Science Forum: Bonsai trees tell of winters long past

By Ned Rozell A GREEN PLATEAU NORTH OF LITUYA BAY — “These… Continue reading

This photo shows a return envelope from the recent special primary election for Alaska's lone seat in the U.S. House of Representatives. On Friday, a judge sided with the state elections office on a decision to omit fifth-place finisher Tara Sweeney from ballots in the special general election. Al Gross, who finished third in the special primary, dropped out of the race, creating confusing circumstances ahead of Alaska's first ranked choice vote. (Ben Hohenstatt / Juneau Empire)
Judge rules Sweeney wont advance to special election

Decision has Sweeney off the ballot for special election.

It's a police car until you look closely and see the details don't quite match. (Juneau Empire File / Michael Penn)
Police calls for Saturday, June 25, 2022

This report contains public information from law enforcement and public safety agencies.

A Princess Cruise Line ship is docked in Juneau on Aug. 25, 2021. (Michael Lockett / Juneau Empire File)
Ships in Port for the week of June 19

Here’s what to expect this week.

Mark Sabbatini / Juneau Empire 
Peter Froehlich, a retired Juneau district judge who is now a volunteer tour guide, explains the history of the history of the Kimball Theatre Pipe Organ in the State Office Building to a group of visitors Thursday. The organ has been idle since 2020 due to the COVID-19 pandemic, and now needs repairs before regular Friday lunchtime concerts and other performances on the 94-year-old instrument can resume.
Historic organ is in need of tuneup

How much it will cost and who will do it remain up in the air.

Most Read