PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Malware-Laden Apps Pulled From Apple's iOS App Store

Stephanie Mlot
 & Stephanie Mlot Contributor

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Apple's App Store is generally thought to be more secure than Google Play, thanks to Cupertino's rigorous approval process. But it appears that some scammers managed to worm their way in.

Several cyber security firms discovered the malicious XcodeGhost program embedded in numerous authentic iOS apps.

According to Palo Alto Networks, about 40 apps were infected, including instant messaging services, banking apps, mobile carrier apps, maps, stock trading apps, SNS apps, and games. A number are from China, including Tencent's WeChat, NetEase music app, and Didi Kuaidi's Uber-like car-hailing service, though others—like business card scanner CamCard—are available internationally.

Infected apps can upload your device and app information to a command and control (C2) server, Palo Alto Networks said. But in a follow-up post, the firm said XcodeGhost can also prompt fake dialog boxes to phish your data, open specific URLs, and read and write data on a clipboard, "which could be used to read the user's password if that password is copied from a password management tool."

Apple did not immediately respond to PCMag's request for comment. But it told Reuters that the hackers duped legitimate developers into using an infected version of Apple's app-development software, known as Xcode.

Recommended by Our Editors

The Best Weather Apps for 2026
The Best Weather Apps for 2026
Airbnb Goes Beyond Homes With Hotels, Airport Rides, Grocery Deliveries, More
Airbnb Goes Beyond Homes With Hotels, Airport Rides, Grocery Deliveries, More
WhatsApp Plus Subscription Is Reportedly Rolling Out to Select iOS Users
WhatsApp Plus Subscription Is Reportedly Rolling Out to Select iOS Users

This is the first time a large volume of malicious software programs have infected the App Store, Reuters said. Previously, only five malware-laden apps have been found there.

"We've removed the apps from the App Store that we know have been created with this counterfeit software," Apple told Reuters. "We are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps."

Developers looking to build and share an app must sign up for an annual $99-plus membership, then download Xcode—the official Integrated Development Environment (IDE) for the iOS and Mac. Once an app is developed and tested, it must be submitted to Apple for review. If it's rejected, based on Cupertino's long list of guidelines, it can be appealed to the App Review Board.

For more, see How To Create an App and watch the video below.

About Our Expert

Stephanie Mlot

Stephanie Mlot

Contributor

My Experience

  • B.A. in Journalism & Public Relations with minor in Communications Media from Indiana University of Pennsylvania (IUP)
  • Reporter at The Frederick News-Post (2008-2012)
  • Reporter for PCMag and Geek.com (RIP) (2012-present)

My Areas of Expertise

  • Science & Space
  • Video Streaming Services
  • Social Media
  • Cars & Auto
  • Education

The Tech I Use

  • iPhone 12 Pro
  • MacBook Air (hooked up to a 23-inch Dell monitor)
  • Google Chrome
  • Google Drive
  • Soundcore Life P3 earbuds
  • Various Amazon Echo devices

Read the latest from Stephanie Mlot

Read full bio