Apple has removed some applications from its App Store after developers in China were tricked into using software tools that added malicious code in an unusual security breach.
Apple gave no details of which companies were affected.
However, Tencent Holdings (騰訊) said that its popular WeChat (微信) app was affected and that it had released a new version after spotting the malicious code.
Chinese news reports said others affected included banks, an airline and a popular music service.
The malicious code spread through a counterfeit version of Apple’s Xcode tools used to create apps for its iPhones and iPads, according to the company.
It said the counterfeit tools spread when developers obtained them from “untrusted sources” rather than directly from Apple.
The malicious software collects information from infected devices and uploads it to outside servers, according to Palo Alto Networks, a US-based security firm.
It was first publicized last week by security researchers at Alibaba Group Holding (阿里巴巴), the e-commerce giant, who dubbed it XcodeGhost.
The creators of the malware took advantage of public frustration with Beijing’s Internet filters, which hamper access to foreign Web sites. That prompts some people to use copies of foreign software or documents that are posted on Web sites within China to speed up access.
“Sometimes network speeds are very slow when downloading large files from Apple’s servers,” wrote Claud Xiao, a Palo Alto Networks researcher, on its Web site.
Due to the large size of the Xcode file, “some Chinese developers choose to download the package from other sources or get copies from colleagues,” he said.
So far about 40 apps with malicious code made it into the App Store, Palo Alto Networks researchers said.
The list includes some of the most popular apps in China, like the taxi-hailing app Didi Kuaidi (滴滴打車), as well as Citic Industrial Bank (中信銀行), China Southern Airlines (中國南方航空) and the music service of NetEase (網易), a popular Web portal, according to the Yangcheng Evening News.
Many of the apps are popular elsewhere as well, like WeChat, which has about 500 million users, and the business card scanner CamCard.
The bad versions of Xcode were all on a cloud hosting service owned by Chinese Internet company Baidu (百度).
Baidu has removed them, Palo Alto Networks’ Ryan Olson said.
Researchers said only the most recent versions of the apps created with the counterfeit version of Xcode were at risk.
The bad Xcode was available only to those developers who had disabled Apple’s safety features.
Otherwise, Apple would have presented a warning that something was wrong with Xcode, Olson said.
The incident is only the sixth time malicious software is known to have made it through Apple’s screening process for products on its App Store, according to Xiao.
Additional reporting by NY Times News Service