Overcoming bigger hurdles give better satisfaction. While this is true in our daily lives, it seems that hackers are presently the ones making the most of this common saying. And bearing the brunt, people on the other side of the fence are iTunes App Store users who’ve unsuspectingly downloaded apps that are laden with malware. This time around, the app developers are also facing the heat as they have been conned into downloading the manipulated version of Apple’s software development kit, Xcode.
As per the latest reports, the affected apps were all developed in China. The modus operandi that the cyber crooks applied this time was to lure the app developers into using the Xcode version that they (the hackers) had maneuvered by playing around with the security features. While the legitimate Xcode kit is also available for free, app developers blundered in the pursuit of retrieving the software faster than they could from the original Apple’s website. Although they couldn’t figure out the mistake that time, it was later that they realized that the apps they created were in fact affected and had the potential to steal customers’ iCloud passwords and create even bigger messes due to this.
As a first step towards combating the threat, Apple pulled down all the infected apps from its app store. In a statement released to the media, Apple shared that “We’ve removed the apps from the App Store that we know have been created with this counterfeit software…” They further stated that, “…We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Out of the 39 iPhone and iPad apps that Apple researchers found were infected, WeChat, Didi Chuxing, and China Unicom Mobile Office are noteworthy. While many developers have already started working on fixing the damages, not everyone has shared their update.
Whether this instance can be treated as a simple intention of hack or another one of the large scale data breaches, only time will tell… For updates on the findings in this case, watch this space.