WeChat Users on iPhone and iPad: You May Have Been Hacked, Here’s How to Fix It

Just last month, something unprecedented happened on the Apple iOS servers: they were hacked. Operating systems by Apple, both iOS and Mac OS, have long been applauded for their resistance to hacking, viruses and malware. For the better part of a decade, Apple has been able to keep iPhone and iPad users safe from cyber attack by stringently controlling the iOS compatible applications that it allows into its official App Store. But someone, presumably in China, found a weak spot.

wechat-ios-hack-happened
How the WeChat iOS hack happened

WeChat is one of the most popular instant messaging applications, with upwards of 600 million users, mostly in Asia (although its success has been expanding westward for some time now). It is owned and developed in China by the company TenCent, which operates several other mobile applications that aren’t of very much significance in Europe and North America. It seems that WeChat developers took a bit of a shortcut when they created the early September update, WeChat v6.2.5 for iOS, and they weren’t the only development company, either.

When a mobile application developer wants to create a new application for iPhone and/or iPad, they must get access to a special iOS coding software from Apple in order to build the app. This coding software is called Xcode, and it is carefully regulated by Apple to ensure security and houses on servers in the United States.

What the developers at WeChat and other companies did was use a counterfeit version of Xcode that was running on a Chinese server, making downloads and development much faster and on their end. In order to download the counterfeit Xcode software, the developers would have had to disable standard Apple security features.

The Chinese counterfeit Xcode could have been harmless; the developers certainly must have thought it was. But it wasn’t. The software contained a malware program called Xcode Ghost embedded in its code. Since WeChat and other iOS apps are built on this software scaffolding, the malware became embedded into the applications’ codes as well.

Other than the midden Xcode Ghost malware code lurking in the programming of WeChat and more than 340 other Chinese applications, the apps were perfectly legitimate when they reached Apple for approval. They met all standard criteria and were added to the App Store without raising any red flags.

When iPhone and iPad users updated their apps to the new version available in the App Store, like WeChat, the infected application was installed and the code for the Xcode Ghost malware was sneakily put on their device.

Is the WeChat malware dangerous?

The cyber security company Palo Alto Networks investigated the Xcode Ghost hack and concluded that it could potentially generate phishing scams, which are fraudulent replications of trusted websites designed to steal your personal information, such as online banking login information and credit card numbers. However, both WeChat’s company and Apple have released statements that there is no evidence of sensitive information or money being stolen from WeChat users as a result of this attack, and Apple assured users that the malware did not have the ability to access iCloud username and password information.

wechat malware

How do I know if I have the WeChat malware on my iPhone?

There’s no way to tell just by using the apps whether they are hiding the Xcode Ghost malware; you have to find out what version of WeChat you currently have installed on your iPhone or iPad. The only infected version is WeChat 6.2.5, and it only affects iOS.

You can check what version of the application you have by looking at “app info”, but don’t bother; the way to remove the malware code from your iPhone is so easy, you’re better off just doing the fix no matter what.

How to remove WeChat malware from iPhone and iPad

You’ll love how simple this is. As soon as they learned about the security breach, both Apple and WeChat got to work on fixing the problem. Apple rushed to remove all infected applications from the App Store, and WeChat very quickly rolled out a new updated version that patches the malware. The new version, WeChat 6.2.6, is available in the App Store right now and doing a simple update of the application is all you have to do to fix the problem. I mean, you probably would have updated eventually, but the sooner you do it, the less likely you are to have problems with the Xcode Ghost malware on your device.

Wechat-icon

What the WeChat breach means for Apple

Even though it looks like nothing bad really happened as a result of the Xcode Ghost making its way onto potentially millions of iPhones and iPads, it points to a vulnerability in Apple’s security process that had gone unnoticed and unexploited up to this point. Understandably, many Apple customers find that troubling. Cyber security experts are concerned that this weak point could be used for more malicious purposes, and unfortunately this type of hack is very difficult to protect against.

In the mean time, Apple has published a protocol for Chinese developers to follow to ensure that they are using a clean version of Xcode to build their iPhone applications. We would certainly expect the developers to follow it to a tee, or play it safe and only use the Xcode from the secure Apple servers in the US; after all, their bottom line is at risk more than Apple’s is. The worst case scenario from the point of view of WeChat’s development company TenCent would be a mass exodus of users worried about their data security, which is what happened to SnapChat after over 4.6 million users were hacked. WeChat has been growing at a record pace; they definitely don’t want to become the next SnapChat just because their developers wanted a faster download time.