蘋果公司全力挽救被黑客攻擊的應用商店

The company disclosed the effort after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds of legitimate apps.

幾家網絡安全公司報道稱，一款名爲“XcodeGhost”的病毒程序被嵌入蘋果應用商店數百款合法應用當中，在此之後，蘋果公司公開了其爲刪除惡意程序所做的努力。

It is the first reported case of large numbers of malicious software programs making their way past Apple's stringent app review process. Prior to this attack, a total of just five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc.

大量惡意軟件程序通過了蘋果嚴格的應用審批程序，這是有報道的第一例。據網絡安全公司帕洛阿爾託網絡公司稱，在此次襲擊之前，蘋果應用商店只發現過五款惡意軟件。

The hackers embedded the malicious code in these apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple's software for creating iOS and Mac apps, which is known as Xcode, Apple said.

蘋果公司稱，黑客通過說服合法應用的開發者使用感染的、假冒版本的蘋果軟件來開發iOS和Mac應用，以此把惡意代碼，也就是Xcode嵌入到這些應用當中。

"We've removed the apps from the App Store that we know have been created with this counterfeit software," Apple spokeswoman Christine Monaghan said in an email. "We are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps."

“我們已經把那些由假冒軟件開發出的應用從應用商店中清除了，” 蘋果公司的發言人克里斯汀·莫納漢在電子郵件中稱，“我們正在同開發者合作，確保他們使用正版Xcode重新開發應用。”

She did not say what steps iPhone and iPad users could take to determine whether their devices were infected.

但該發言人並未透露iPhone和iPad用戶應採取何種步驟來判斷自己的設備是否感染了病毒。

Palo Alto Networks Director of Threat Intelligence Ryan Olson said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack.

帕洛阿爾託網絡公司的情報總監雷恩·奧爾森表示，這款惡意軟件的功能有限，他的公司還沒有發現由於這次襲擊而造成的用戶數據被盜或者是其他損害。

Still, he said it was "a pretty big deal" because it showed that the App Store could be compromised if hackers infected machines of software developers writing legitimate apps. Other attackers may copy that approach, which is hard to defend against, he said.

但是奧爾森稱這是“十分嚴重的一件事”，因爲它表明如果黑客使軟件開發者編寫合法應用的設備感染上病毒，那麼蘋果應用商店是缺乏抵抗力的。其他黑客可能會複製這一方法，這是很難防禦的。

"Developers are now a huge target," he said.

“應用開發者如今成爲了黑客攻擊的巨大目標，”他說。

Researchers said infected apps included Tencent Holdings Ltd's popular mobile chat app WeChat, car-hailing app Didi Kuaidi and a music app from Internet portal NetEase Inc.

研究人員稱，感染病毒的軟件包括騰訊控股有限公司十分普及的手機聊天軟件微信，打車軟件滴滴快的和一款來自互聯網門戶網站網易的音樂軟件。

The tainted version of Xcode was downloaded from a server in China that developers may have used because it allowed for faster downloads than using Apple's US servers, Olson said.

奧爾森說，受感染版本的Xcode是從一箇中國服務器上下載的，開發者之所以使用這個服務器是因爲它比蘋果美國服務器的下載速度更快。

Chinese security firm Qihoo360 Technology Co said on its blog that it had uncovered 344 apps tainted with XcodeGhost.

中國網絡安全公司奇虎360科技有限公司在其博客中表示，該公司已發現344款受到XcodeGhost感染的應用。

Apple declined to say how many apps it had uncovered.

不過蘋果方面拒絕透露其發現的受感染應用的數量。