Apple acknowledged on Sunday night that the App Store had been hit by an unprecedented hack that infected dozens of apps with malware.
According to Palo Alto Networks, an online security company that has been posting about the hack since last week, the malware can create fake alerts that pop up on your phone and request sensitive information, like passwords and login credentials.
It could also get passwords and other sensitive information from your phone by accessing the device's clipboard, Palo Alto Networks said in a blog post.
Apps like Angry Birds 2, WeChat, and the popular business card reader CamCard have been affected by the malware.
More than 500 million people use WeChat.
Apple said that infected versions of apps had made their way into the App Store because developers had been using a fake version of Apple's developer code, according to The New York Times.
Apple has removed the apps from the app store, but many people could have downloaded them already.
The iPhone maker did not respond to a request from Tech Insider about what iPhone owners should do if they're worried they may have apps that have been affected, but both Palo Alto Networks, and Lookout, a mobile security company based in San Francisco, gave Tech Insider some tips about what people can do to stay safe.
"The number one thing for iPhone users to do is make sure their apps are up to date," Ryan Olson, the director of Palo Alto Networks' threat intelligence research team, told Tech Insider.
The large number of developers who worked on apps that were affected by the malicious code, Olson said, are going to be issuing updates, so "the sooner you can get those installed, the better."
- Be extra careful about entering any sensitive information in dialogue boxes.
- Because the hack can push fake alerts that ask for sensitive user information like passwords, Lookout recommends being extra vigilant about the apps pushing dialogue boxes to your screen. "Don’t enter information without first being aware of who is asking for it," a Lookout spokesperson wrote in an email to Tech Insider.
- Change your Apple account password.
- If you have found that you had any of these apps, Lookout suggests that you change your Apple account password. Also, be wary about any emails or prompts you receive that ask for sensitive information.
It's also always a good idea to enable two-factor authentication whenever possible. This requires people to have a second form of credentials, like a code from a text message, when they login to an account. Apple, Gmail, Twitter, and other apps and services offer two-factor authentication.
