Apple’s iOS App Store in China has been attacked for the first time by malware, multiple sources report. Internet security company Palo Alto Networks says that approximately 39 applications have been compromised.
According to the Wall Street Journal, hackers planted an outwardly normal version of an Apple software called Xcode, used to develop iOS applications, on a Chinese cloud service called Baidu Pan. Developers began using it because it was faster to download than the Xcode software from Apple’s U.S. servers, the CBC reports, citing Palo Alto Networks director of threat intelligence Ryan Olson. However, the Chinese version was fraudulent and “Trojanized.”
Olson told CBC that the breach was “a pretty big deal” as it showed that the App Store could be compromised.
XcodeGhost, as the fraudulent code was named by Alibaba researchers, then gave hackers access to users’ devices and enabled phishing for passwords and login information. In its most recent analysis, Palo Alto Networks deemed XcodeGhost dangerous, saying it could set a precedent for other espionage and criminal groups.
WeChat (China’s biggest messaging app), Didi Kuaidi (a ride-hailing app like Uber), and a music-streaming service called NetEase Inc., were among more popular apps affected, according to the Journal. All of the above companies released statements saying that customer information hadn’t been compromised, the Journal says.
Apple spokeswoman Christine Monaghan told the CBC that Apple would work with developers from now on to ensure that they are using the genuine version of the app development software.
More Must-Reads from TIME
- Donald Trump Is TIME's 2024 Person of the Year
- Why We Chose Trump as Person of the Year
- Is Intermittent Fasting Good or Bad for You?
- The 100 Must-Read Books of 2024
- The 20 Best Christmas TV Episodes
- Column: If Optimism Feels Ridiculous Now, Try Hope
- The Future of Climate Action Is Trade Policy
- Merle Bombardieri Is Helping People Make the Baby Decision
Contact us at letters@time.com