Apple is removing hundreds of apps from the App Store after discovering that they contain a malicious program called XcodeGhost.
In the entire lifespan of the App Store, Apple has only previously found five malicious apps — making this easily the single biggest security lapse in App Store history.
Apple has declined to say exactly how many apps slipped past its review process, but Chinese security firm Qihoo360 Technology claims to have uncovered a total of 344 apps affected by XcodeGhost.
XcodeGhost made its way into legitimate apps when it was uploaded to the Chinese file sharing service Baidu and then downloaded by some Chinese app developers. They then compiled their apps using the malicious code and distributed them via the App Store.
Because of the apps’ origin, most of the affected users are based in China, although some of the other apps — such as scanner app CamCard — are available in the U.S. and other countries. The most popular app affected in WeChat, which is widely used in both China and other parts of the Asia-Pacific region. WeChat says the malicious XcodeGhost only affects older versions of the app.
“We’ve removed the apps from the app store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in a statement. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Apple has pulled infected apps off the store to stop stop the spread, but users still need to delete XcodeGhost apps off their devices manually. Most of the apps infected are mostly used in China, however some big name apps like WeChat, Angry Birds 2, and Didi Chuxing (Uber’s biggest rival in China) were also hit.
Here’s a full list of infected apps:
Angry Birds 2
CITIC Bank move card space
China Unicom Mobile Office
High German map
Medicine to force
Quick asked the doctor
Stocks open class
Hot stock market
Three new board
The driver drops