The Apple community has long bragged about how it is seemingly immune to hackers. Not so anymore. Hundreds of apps are plagued with a serious security flaw. The hackers duped Chinese developers into using a counterfeit version of Xcode, Apple’s official development tool.
WeChat, a messaging and calling app with 600 million users, was one of the hacked apps along with the file-compression app, WinZip. It is estimated that hundreds of apps have been infected. While the vast majority of the apps are in China’s App Store, some, such as the business card scanner CamCard and Angry Birds 2, are available outside of China.
Dubbed XcodeGhost, the malware can steal passwords by prompting you for your iCloud credentials. Also, the apps have access to anything from your clipboard such as passwords that you copy and paste from a password app, such as 1Password or SplashID.
Apple has pulled hundreds of apps from the App Store but has yet to publish a list of affected apps. Several sites, such as Cult of Mac, have provided a list of apps that are known to be affected. If one of your apps is on the list, you should delete it and reinstall it.
So how does this happen? Apple is known for putting apps through their paces before approving them to be sold on the App Store. Obviously, there was a significant breakdown somewhere along the line. While there have been instances of a nefarious app or two getting into the App Store, the volume of this hack is unprecedented.