This Article is From Sep 21, 2015

Apple Confirms Discovery of Malicious Code in Some App Store Products

San Francisco: Hackers have found their way into Apple's App Store.

Apple confirmed on Sunday that a tool used by software developers for the company's devices was copied and modified by hackers to put bad code into apps available on the App Store.

So far about 40 apps with malicious code, or malware, have made it into the App Store, said researchers at Palo Alto Networks, an online security company that is investigating the incident. In a blog post, the security company said the breach could potentially affect hundreds of millions of users.

The list includes some of the most popular apps in China, like the ride-hailing app Didi Kuaidi. Many of the apps are popular elsewhere as well, like the messaging app WeChat, which has about 500 million users, and the business card scanner CamCard. The Chinese online security company Qihoo said it has found more than 300 infected apps.

The fake developer code "was posted by untrusted sources," said Christine Monaghan, an Apple spokeswoman. "To protect our customers, we've removed the apps from the App Store that we know have been created with this counterfeit software."

It was unclear on Sunday how many people had downloaded the apps based on the hacked developer tool. Security researchers at the giant Chinese e-commerce company Alibaba, Palo Alto Networks, the app makers and Apple are working to assess the damage, said Ryan Olson, who leads a threat research team at Palo Alto Networks.

Researchers found that some copied versions of Xcode had been modified to embed malicious software into apps.

Once the infected apps are downloaded, researchers said, the malicious code can open particular websites designed to infect the device with more viruses. It can also open innocuous-looking pop-up screens that ask users for more information.

Researchers said only the most recent versions of the apps created with the counterfeit version of Xcode were at risk.

Olson said that hackers did not crack Apple's software. Instead they took advantage of the fact that many Chinese developers use copies of Xcode that are held on Chinese servers, since they load faster than the version of the code that's available from Apple.

The bad Xcode was available only to those developers who had disabled Apple's safety features.
 
© 2015, The New York Times News Service