Apple’s iOS App Store in China has been attacked for the first time by malware, multiple sources report. Internet security company Palo Alto Networks says that approximately 39 applications have been compromised.
According to the Wall Street Journal, hackers planted an outwardly normal version of an Apple software called Xcode, used to develop iOS applications, on a Chinese cloud service called Baidu Pan. Developers began using it because it was faster to download than the Xcode software from Apple’s U.S. servers, the CBC reports, citing Palo Alto Networks director of threat intelligence Ryan Olson. However, the Chinese version was fraudulent and “Trojanized.”
Olson told CBC that the breach was “a pretty big deal” as it showed that the App Store could be compromised.
XcodeGhost, as the fraudulent code was named by Alibaba researchers, then gave hackers access to users’ devices and enabled phishing for passwords and login information. In its most recent analysis, Palo Alto Networks deemed XcodeGhost dangerous, saying it could set a precedent for other espionage and criminal groups.
WeChat (China’s biggest messaging app), Didi Kuaidi (a ride-hailing app like Uber), and a music-streaming service called NetEase Inc., were among more popular apps affected, according to the Journal. All of the above companies released statements saying that customer information hadn’t been compromised, the Journal says.
Apple spokeswoman Christine Monaghan told the CBC that Apple would work with developers from now on to ensure that they are using the genuine version of the app development software.
More Must-Reads from TIME
- Why Trump’s Message Worked on Latino Men
- What Trump’s Win Could Mean for Housing
- The 100 Must-Read Books of 2024
- Sleep Doctors Share the 1 Tip That’s Changed Their Lives
- Column: Let’s Bring Back Romance
- What It’s Like to Have Long COVID As a Kid
- FX’s Say Nothing Is the Must-Watch Political Thriller of 2024
- Merle Bombardieri Is Helping People Make the Baby Decision
Contact us at letters@time.com