Security researchers recently identified dozens of apps containing malware in the App Store.
The malware, called XcodeGhost, was first publicized by security researchers at Palo Alto Networks, who discovered the infected apps.
The exploit puts quite a bit of personal and device information at risk, including your Apple ID and iCloud password, the contents of your device’s clipboard and your device’s name, type and UUID (universally unique identifier).
How bad is it?
It’s hard to say exactly how many apps have been infected. Initially, Palo Alto Networks identified two infected apps but later increased that number to 39.
The list included some of the most popular apps in China, like WeChat, Angry Birds 2 (Rovio has said only the Chinese version was affected), Didi Chuxing (a Chinese ride-hailing app), Railway 12306 (the country’s official app for buying train tickets) and China Unicom Mobile Office (made by one of the most popular carriers).
How did this even happen?
The security firm explains that a Google search for “Xcode download” returned results for several forums frequented by developers. Many of these download links directed back to files posted on the file sharing site Baidu Yunpan, which contained the infected versions of Xcode that app makers unwittingly downloaded.
What should I do now?
Apple says it has removed the infected apps, though some of those identified by Palo Alto Networks remain in the App Store and have yet to be updated.
If you have one of the infected apps, you should delete it immediately (note that Tencent has already updated WeChat with a fix, so make sure you have the latest update, version 6.2.6).
It’s also a good idea to change your iCloud password now, especially if you downloaded one of the apps in question. While you’re at it, you should consider turning on two-factor authentication as well.
That way, even if your Apple ID and password are compromised, an attacker will not be able to get into your account from another device.