Apple has removed some applications from its App Store after developers in China were tricked into using software tools that added malicious code in an unusual security breach.
Apple gave no details of which companies were affected.
However, Tencent Holdings (騰訊) said that its popular WeChat (微信) app was affected and that it had released a new version after spotting the malicious code.
Chinese news reports said others affected included banks, an airline and a popular music service.
The malicious code spread through a counterfeit version of Apple’s Xcode tools used to create apps for its iPhones and iPads, according to the company.
It said the counterfeit tools spread when developers obtained them from “untrusted sources” rather than directly from Apple.
The malicious software collects information from infected devices and uploads it to outside servers, according to Palo Alto Networks, a US-based security firm.
It was first publicized last week by security researchers at Alibaba Group Holding (阿里巴巴), the e-commerce giant, who dubbed it XcodeGhost.
The creators of the malware took advantage of public frustration with Beijing’s Internet filters, which hamper access to foreign Web sites. That prompts some people to use copies of foreign software or documents that are posted on Web sites within China to speed up access.
“Sometimes network speeds are very slow when downloading large files from Apple’s servers,’’ wrote Claud Xiao, a Palo Alto Networks researcher, on its Web site.
Due to the large size of the Xcode file, “some Chinese developers choose to download the package from other sources or get copies from colleagues,” he said.
So far about 40 apps with malicious code made it into the App Store, Palo Alto Networks researchers said.
The list includes some of the most popular apps in China, like the taxi-hailing app Didi Kuaidi (滴滴打車), as well as Citic Industrial Bank (中信銀行), China Southern Airlines (中國南方航空) and the music service of NetEase (網易), a popular Web portal, according to the Yangcheng Evening News.
Many of the apps are popular elsewhere as well, like WeChat, which has about 500 million users, and the business card scanner CamCard.
The bad versions of Xcode were all on a cloud hosting service owned by Chinese Internet company Baidu (百度).
Baidu has removed them, Palo Alto Networks’ Ryan Olson said.
Researchers said only the most recent versions of the apps created with the counterfeit version of Xcode were at risk.
The bad Xcode was available only to those developers who had disabled Apple’s safety features.
Otherwise, Apple would have presented a warning that something was wrong with Xcode, Olson said.
The incident is only the sixth time malicious software is known to have made it through Apple’s screening process for products on its App Store, according to Xiao.
Additional reporting by NY Times News Service
Swedish Member of Parliament Hampus Hagman is pushing for changing the name of the nation’s trade office in Taipei to signal improved relations with “Asia’s perhaps foremost democracy.” Hagman on Wednesday last week proposed renaming the Swedish Trade and Invest Council to “Sweden’s Office in Taipei,” following similar changes by other nations. The Swedish Trade and Invest Council, part of Business Sweden, is owned by the Swedish government and Swedish industry. Taiwan and Sweden share important values such as respect for democracy, human rights, the rule of law and freedom of speech, Hagman said in the motion, adding that the two nations
TWO CASES: The five allegedly conspired with conglomerates, threatening the nation’s governance and subverting the rules of ethical conduct, a deputy chief prosecutor said Taipei prosecutors yesterday charged three legislators and one former lawmaker with contravening the Anti-Corruption Act (貪污治罪條例) in a case linked to former Pacific Distribution Investment Co (太平洋流通) chairman Lee Heng-lung’s (李恆隆) battle with the Far Eastern Group (遠東集團) over ownership of the Pacific SOGO Department Store (太平洋崇光百貨) chain, while independent Legislator Chao Cheng-yu (趙正宇) was indicted in a separate case involving two funeral services companies and a plot of land in a national park. Chinese Nationalist Party (KMT) legislators Chen Chao-ming (陳超明) and Sufin Siluko (廖國棟), Democratic Progressive Party (DPP) Legislator Su Chen-ching (蘇震清) and former New Power Party legislator
PENGHU INSPECTION: Taiwan cannot let its enemies strut around in its airspace, Tsai said, one day after a Chinese spokesman denied a median line exists in the Taiwan Strait Following China’s assertion on Monday that there is no “median line” in the Taiwan Strait, President Tsai Ing-wen (蔡英文) yesterday pledged to defend the nation’s airspace during a visit to an air force base in Penghu, saying that Taiwan cannot allow others to flex their military muscle in its territorial airspace. Tsai praised the “heroic performance” of the pilots of the Indigenous Defense Fighters who have been intercepting Chinese People’s Liberation Army Air Force planes in recent days. “I have a lot of confidence in you. As soldiers of the Republic of China [ROC], how could we let enemies strut
EFFICIENCY: The rules for Philippine arrivals were revised after 17.6% of arrivals with symptoms tested positive, compared with 0.7% of those with no symptoms Starting today, Chinese spouses who hold a reunion permit can apply to enter Taiwan and travelers without symptoms from the Philippines do not need to be tested for COVID-19 upon arrival, but are to be tested after a 14-day quarantine, the Central Epidemic Command Center (CECC) said yesterday. Minister of Health and Welfare Chen Shih-chung (陳時中), who heads the center, said that from today, Chinese who are married to a Taiwanese citizen and hold a reunion permit can apply to the National Immigration Agency for entry into Taiwan. Chinese who are married to a foreign national and hold an accompanied reunion permit