Apple lists 25 apps impacted by XcodeGhost

Apple has identified 25 apps on its stores that had used a rogue version of its Xcode development tool, and advised users to update the affected apps to fix the issue on their devices.

Figuring in the list are the WeChat app from Tencent and the Didi ride-hailing app, which had been identified earlier as affected. Other apps included in the list released by Apple on its China website include local chatting tool Encounter, the app for Baidu Music and China Unicorn's customer service app.

Apple has said that some developers downloaded counterfeit versions of Xcode that have been infected with the XcodeGhost malware and created apps that were also infected.

Security firm Palo Alto Networks said last week the modified Xcode files had been uploaded to a Baidu cloud file-sharing service and the files were subsequently removed after the security firm had alerted the Chinese company.

Researchers said that developers may have accessed these sources to download the integrated development kits rather than from Apple servers to get around slow Internet speeds. The malware attack has proven to be an embarrassment to Apple as the infected apps appear to have passed through the company's stringent code review for apps on its site.