Several Malware-Infected Apps Were Found in Apple’s Chinese App Store


The iOS App Store has been seen as a relatively trustworthy source of software since it launched in 2008. But as hackers tend to do, they found a way to get their malicious apps into China’s version of the App Store.

By using altered version of Apple’s development tool Xcode, they were able to slip malware-infected apps into the App Store. The problem began when developers downloaded altered version of Xcode (named “XcodeGhost”) from third-party sites.

When the apps built with the modified version of Xcode were launched, they collected the phone’s name, UUID, language and country, current time, and network type. The data was then encrypted and sent to servers in order to be tracked by unknown sources.

The bigger issue is that these apps made it into Apple’s App Store in China. While only a handful of apps have made it though Apple’s strict review process, all it takes is one app with an aggressive piece of malware to destroy the trust customers have put in Apple.

Fortunately, the apps have only been seen in the App Store in China, so it should be fairly easy for Apple to fix the problem.

Developers should not be downloading their tools from random third-party sites. If you are a developer, download Apple’s developer tools directly from the Mac App Store or Apple’s developer portal.

Apple has not responded to any requests for comment about XcodeGhost and the infected apps.

[via Palo Alto Networks, Wired]

A software engineer with a passion for creation and innovation using technology. To learn more about me, check out my personal website, which contains links to my projects. Email:

  • Chrome262

    you should see the CP24 or other news sites headlines on this, all panic until you read its Chinese apps and most in china, and then list the apps lol (Apple announced a rare security breach over the weekend that means some Canadians may have unwittingly infected their iPhones and iPads with malware that could expose their iCloud passwords and other personal data.) is a great example. Shocking malware in apps in China??? never would of thought, LOL