Apple’s software is famed for being a highly controlled ecosystem that is almost impossible to break into. But recent days saw dozens of iOS apps being infected with malware. Apple’s App Store was cleaned up when the company removed infected apps with malware that could attempt to steal users’ passwords and other information.

WeChat – which is hugely popular in China and has hundreds of millions of Chinese users – was affected, but had the foresight to fix the problem earlier this month.

It said its version 6.2.5, released on Sept. 10, was infected, but version 6.2.6, released Sept. 12, was not. So far, there has been no sign of “theft and leakage of users’ information or money.

Apple and app developers were unaware of the infection as hackers succeeded in tricking app developers into downloading a modified version of Xcode – the software developers use to create iOS apps. Brilliant. The software included the malware that made its way into the newly uploaded apps.

It was security company Palo Alto Networks that discovered the issue identifying at least 39 apps that had been affected, including at least one that tried to steal users’ iCloud passwords. Apple acted quickly, and said:

To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.

The breach into the Apple iOS is a crafty one and the reason Apple was unable to locate it is because when trusted apps are upgraded, they aren’t given as much scrutiny during a review as new apps. While this means shorter review times for critical app updates, it also leaves a hole if the developer is compromised.

[source: mashable]