More than three dozen popular Chinese iPhone and iPad apps, such as Tencent Holdings’ WeChat, were found to be infected with malicious malware from XcodeGhost, according to researchers at Alibaba Mobile Security and Palo Alto Networks.
The attack enables the apps to transmit information about a user’s device and can prompt fake alerts for the purpose of stealing passwords to Apple’s iCloud service. Tencent Holdings says that no sensitive customer information had been lost, although they are continuing to do tests and monitor.
#Apple's most widespread and significant spread of malware in the app store’s history happened in China. http://t.co/nwYc8h6h5a @joshchin
— Wei Gu (@weigu) September 20, 2015
The security breach is the first of its kind for the Apple iOS mobile operating system, although iCloud has been under attack before, the iOS system has never been affected until now. Apple has taken steps to remove the problem and removed the apps from its App Store.
So far Palo Alto hasn’t been able to rule out the Chinese government as the source of the attack.