Apple has released a list of the top 25 most popular iOS applications compromised by XcodeGhost malware including WeChat, an unofficial copy of the popular Angry Birds game titled Angry Bird 2 and messaging app Encounter.
Apple was forced to clean up its app store after the discovery of the XcodeGhost malware, which was uncovered by security researchers at Palo Alto Networks. The firm found the malware lurking in fake versions of Apple's Xcode developer suite.
Now, Apple has acknowledged that it has removed the affected apps, and promised users that no sensitive information was at risk during the period.
"We have removed the apps from the App Store that we know have been created with this counterfeit software and are blocking submissions of new apps that contain this malware from entering the App Store," Apple said in a statement.
"We're not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords.
"As soon as we recognised these apps were using potentially malicious code we took them down. Developers are quickly updating their apps for users."
Other apps Apple removed included Let's Cook Recipes and DiDi Taxi. Apple added that after the top 25 impacted apps, the number of users impacted by XcodeGhost drops significantly.
Earlier this week, Apple urged developers not to download its Xcode software from third-party locations, after a rogue version was uncovered that had been used to trick people into creating as many as 4,000 apps with backdoors to inject malware.
Following the discovery, Apple reminded users of its tools that they should stick to trusted Apple sources for the download.
"We recently removed apps from the App Store that were built with a counterfeit version of Xcode which had the potential to cause harm to customers," Apple said.
"You should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software."
Meanwhile, security firm FireEye reported that it had uncovered evidence that 4,000 apps built with the flawed Xcode tool had been submitted to the App Store and were available to download.
"Immediately after learning of XcodeGhost, FireEye Labs identified more than 4,000 infected apps on the App Store," it said.
"FireEye has since updated detection rules in its NX and Mobile Threat Prevention (MTP) products to detect the malicious apps and their activity on a network."
Security researchers at Palo Alto Networks, who coined the name XcodeGhost for the malware, explained that it uses a modified version of the Apple developer code for making OS X and iOS applications.
"XcodeGhost's primary behavior in infected iOS apps is to collect information on the devices and upload that data to command and control (C2) servers," the research team said, according to a report on Reuters.
"The malware has exposed a very interesting attack vector, targeting the compilers used to create legitimate Apps. This technique could also be adopted to attack enterprise iOS apps or OS X apps in much more dangerous ways."
According to Palo Alto, once the infected applications are downloaded, the malware can open websites specifically designed to infect the Apple device with viruses and even attempt to extract further personal information from users via official-looking pop-ups.
"Since the dialogue is a prompt from the running application, the victim may trust it and input a password without suspecting foul play," it said.
Apple confirmed to V3 it is working with developers to ensure application security is restored and explained how it is moving to mitigate further attacks.
"A fake version of one of these tools was posted by untrusted sources which may compromise user security from apps that are created with this counterfeit tool," said an Apple spokesperson.
"To protect our customers, we've removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps."
The legitimate Xcode developer code download, said to be 3.9GB in total, can take a significant amount of time to download on slower networks in countries such as China.
This indicates that some developers have been searching for and downloading the code from non-Apple sources and have ended up downloading the fake version of the platform, meaning their apps are, unknowingly, open to attack.
While many of the affected apps were based in China, the malware attack also impacted versions of WeChat, a very popular messaging app used worldwide.
WeChat confirmed in a blog post that a preliminary investigation revealed that no theft or leak of user data had occurred and said that it is now investigating.
"The WeChat tech team has extensive experience combating attempts to hack our systems. Once the security flaw was discovered, the team immediately took steps to secure against any theft of user information," it said.
This marks the first large-scale attack on the official iOS App Store, with a total of just five malicious applications having been uncovered prior to this incident.
The findings also come just after the new iOS 9 update was released, which has already been downloaded millions of times onto iPhones and iPads.