The Malware Invasion of Apple's App Store Was More Widespread Than We Thought

On the bright side, the malicious apps might not have been that dangerous.

|
Sep 23 2015, 1:46pm

Image: charnsitr/Shutterstock

The unprecedented malware invasion that hit Apple's App Store, which caused normally legitimate apps such as the WeChat to be laced with malware, apparently reached way more apps than initially reported.

The malicious apps were more than 4,000, and not just 39 as first reported, according to security firm FireEye. The company's estimate is in line with that of the Pangu Team, a Chinese developer team known for releasing jailbreaks, which claimed to have detected 3,418 malicious iOS apps.

Apple has yet to release an official list of affected apps, but the company published a blog post in both Chinese and English, instructing developers on how to avoid downloading a malicious version of Xcode, the software used to develop iOS apps, which was compromised in this attack.

But GreatFire, a Chinese digital rights organization, warned that it's still possible to download a malicious version of Xcode while following Apple's recommendations if developers use the popular Chinese download manager Xunlei. As a solution, GreatFire recommended developers to always download code from the official Mac App Store, and always check the digital signature of the tools they download.

On the bright side, mobile security firm Appthority said that the malicious apps were not as dangerous as they could've been.

"Given our risk analysis results of infected apps regarding their actual behavior, we feel that 'AdWare' might be a more appropriate classification rather than malicious 'malware,'" the company wrote in a blog post.