The hack was the result of developers in China using a tainted version of Xcode, the toolset used to build apps for iOS, Apple’s mobile operating system, so the apps are all from the Chinese App Store.
According to Palo Alto Networks, an online security company that posted about the hack last week, the malware can create fake alerts that pop up on your phone and request sensitive information, like passwords and login credentials.
But Apple refutes that information, saying in a post on its website in both English and Chinese, that it has “no information to suggest that the malware has been used to do anything malicious or that this exploit would have delivered any personally identifiable information had it been used.”
The messaging app WeChat, which has more than a half billion users, as well as the music app Baidu Music, and Didi Taxi, a popular ride-hailing app, are among the most popular affected apps.
Apple says it has removed the infected apps from the App Store, and WeChat said in a blog post over the weekend that it had fixed the issue in its app.
Even though more apps were hacked — the app security firm Appthority security research puts the number at 476 — Apple says that “After the top 25 impacted apps, the number of impacted users drops significantly.”
Apple, along with security experts who spoke to Tech Insider, advises that people who are worried they may have been affected by the hack make sure that all of their apps are up to date. Experts also advise that people remain vigilant about which apps ask them for sensitive information.