The impact of app developers using a counterfeit version of Xcode development tool is apparently a lot greater than what was initially anticipated. Earlier this month security firm Palo Alto Networks said that as many as 39 apps with malicious code, or malware were in the App Store (Apple confirmed that 40 apps were affected), but security researchers have said that they have since identified thousands of more such apps.
Researchers from security firm Appthority have said that the recently discovered threat —dubbed “XcodeGhost” — has affected more than 4,000 apps. The researchers further noted that they have been able to track the start of the infection to as back as April 2015. Separately, researchers from security firm FireEye are also reporting the existence of more than 4,000 malicious apps in the App Store.
“XcodeGhost seems to be far more widespread than initially assumed,” Appthority wrote in a blog post. “We had a closer look at the data and were able to track the start of the infection to April 2015 with a significant uptick in infections over this last month of September.”
The firm has provided a graph showcasing a number of incidents of the outbreak of XcodeGhost from earlier this year, gaining momentum in the past few months.
“Immediately after learning of XcodeGhost, FireEye Labs identified more than 4,000 infected apps on the App Store,” noted FireEye. Neither firm has disclosed the names of the affected apps, however. Earlier reports said several Chinese apps including popular ones like WeChat, Didi Kuaidi, and CamCard, among others, were affected.
Separately the popular jailbreak team Pangu also noted earlier this week that it has found more than 3,400 malicious apps in the App Store. The team also released a tool to detect affected apps on Apple devices.