Skip to main content

An Apple logo hangs above the entrance to the Apple store on 5th Avenue in the Manhattan borough of New York City, in this July 21, 2015, file photo. Apple Inc said on September 20, 2015, it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet.

MIKE SEGAR/REUTERS

Apple announced a rare security breach over the weekend that means some Canadians may have unwittingly infected their iPhones and iPads with malware that could expose their iCloud passwords and other personal data.

Apple Inc. has removed some applications from its app store after developers in China were tricked into using software tools that added malicious code to their work.

Apple hasn't provided details about which companies' apps were affected.

Story continues below advertisement

But Tencent Ltd. said its popular WeChat app was hit; the company released a new version after spotting the offending code. Chinese news reports said others affected included banks, an airline and a popular music service.

Many of the affected apps were only available on the App Store in China, yet some that were reportedly infected by the malware — including WeChat, business card rolodex CamCard and file extractor WinZip — are available in Canada.

Users are advised to uninstall the affected apps or update to the latest version released after the malware was discovered, and to change their iCloud passwords.

The malicious code spread through a counterfeit version of Apple's Xcode tools used to create apps for its iPhones and iPads, according to the company. It said the counterfeit tools spread when developers obtained them from "untrusted sources" rather than directly from the company.

The malicious software collects information from infected devices and uploads it to outside servers, according to Palo Alto Networks, a U.S.-based security firm. The company said the breach could result in fake password prompts aimed at harvesting iCloud details or other logins.

It was first publicized last week by security researchers at Alibaba Group, the Asian e-commerce giant, who dubbed it XcodeGhost.

The creators of the malware took advantage of public frustration with Beijing's Internet filters, which hamper access to Apple and other foreign websites. That prompts some people to use copies of foreign software or documents that are posted on websites within China to speed up access.

Story continues below advertisement

"Sometimes network speeds are very slow when downloading large files from Apple's servers," wrote Claud Xiao, a Palo Alto Networks researcher, on its website. Due to the large size of the Xcode file, "some Chinese developers choose to download the package from other sources or get copies from colleagues."

Companies with apps that were affected include taxi-hailing service Didi Kuaidi, Citic Industrial Bank, China Southern Airlines and the music service of NetEase, a popular Web portal, according to the newspaper Yangcheng Evening News.

The incident is the only the sixth time malicious software is known to have made it through Apple's screening process for products on its App Store, according to Xiao.

- With files from the Associated Press

Follow Henderburn on Twitter

10:50ET 21-09-15

Report an error
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

Comments that violate our community guidelines will be removed.

Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies