Hackers have cracked Apple’s App Store.
Software developers in China were duped into downloading a fake version of Apple’s tool for creating apps for the iPhone and iPad. These developers used a tainted version of Xcode to create apps that contained malicious code.
Apple confirmed the breach and said it has removed apps from its App Store that were created with the counterfeit software tool.
“We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,” said Apple spokesperson Christine Monaghan.
Some 40 apps are believed to have been discovered to contain the malicious code, including Tencent’s popular communications app WeChat*, the ride-hailing app Didi Kuaidi and a music app, according to Reuters and the New York Times.
Apple provides developers with secure tools for creating mobile apps. However, some developers are believed to have a counterfeit version because it downloaded faster, according to a person familiar with the matter. These developers ignored warnings on their computers that they may be downloading malicious software.
The cyber security firm Palo Alto Networks, and security experts at the giant Chinese e-commerce company Alibaba identified the breach.
Update (7:16 pm PT): A Tencent spokesperson said the latest iOS version of WeChat v 6.2.6 fixes the issue.
This article originally appeared on Recode.net.