Chinese streaming service hit in iOS App Store attack

The music streaming service from China-based Internet portal NetEase Inc was found to be infected with malicious software in the first large-scale attack on Apple’s App Store.

NetEase Music was among some of the most popular Chinese names in the tech giant’s app store to be compromised.

Apple Inc announced the security breach on Sunday informing users it was cleaning up its iOS App Store to remove malicious iPhone and iPad programs.

The announcement was made after cyber security firms found a program, dubbed XcodeGhost by researchers, embedded in hundreds of legitimate apps. Developers use a tool kit of sorts called XCode to create apps for Apple devices; the kits takes a long time to download and when hackers posted their version on Chinese cloud server Baidu Pan advertising a faster download rate, developers took the bait.

The attack, which affected more than three dozen apps, is being touted as a first-of-its-kind security breach. US-based cyber security firm Palo Alto Networks Inc said prior to this, a total of just five malicious apps had ever been found in the App Store.

"We’ve removed the apps from the App Store that we know have been created with this counterfeit software," said Apple spokeswoman Christine Monaghan. "We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."

Along with NetEase Inc's music app, reported victims of the attack also include Tencent Holdings Ltd’s mobile chat app WeChat, China’s official train-booking website 12306, state-run mobile carrier China Unicom and Uber’s nonprofit car-pooling service app Didi Kuaidi.

The malicious software can make infected apps can transmit information about a user’s device, prompt fake alerts to steal passwords and read and write information on the user’s clipboard.

On Friday Tencent said in a message posted to the Sina Weibo microblogging service: “At present, we haven’t discovered any loss of user information or assets as a result of this [breach], though the WeChat team will continue to monitor and do tests.” 

Palo Alto Networks have said they don’t know who is behind the attack.