Flickr/Karlis Dambrans
Palo Alto Networks, an online security company that has been posting about the hack since last week, can create fake alerts that pop up on your phone and request sensitive information, like passwords and login credentials.
It could also get passwords and other sensitive information from your phone by accessing the device's clipboard, Palo Alto Networks said in a blog post.
Apps like Angry Birds 2, WeChat, and the popular business card reader CamCard .
More than 500 million people use WeChat.
Apple said that infected versions of apps had made their way into the App Store because developers had been using a fake version of Apple's developer code, according to The New York Times.
Apple has removed the apps from the app store, but many people could have downloaded them already.
The iPhone maker did not respond to a request from Tech Insider about what iPhone owners should do if they're worried they may have apps that have been affected.
But Lookout, a mobile security company based in San Francisco, gave Tech Insider some tips about what people can do to stay safe.
- Delete any apps that could be affected.
- If you've downloaded one of the apps on the list from Palo Alto securities, Lookout recommends deleting the apps and waiting until the developer has issued an update.
- WeChat said that it has already fixed the issue, which only affected people using a certain version of the app.
- Be extra careful about entering any sensitive information in dialogue boxes.
- Because the hack can push fake alerts that ask for sensitive user information like passwords, Lookout recommends being extra vigilant about the apps pushing dialogue boxes to your screen. "Don't enter information without first being aware of who is asking for it," a Lookout spokesperson wrote in an email to Tech Insider.
- Change your Apple account password.
- If you have found that you had any of these apps, Lookout suggests that you change your Apple account password. Also, be wary about any emails or prompts you receive that ask for sensitive information.
It's also always a good idea to enable two-factor authentication whenever possible. This requires people to have a second form of credentials, like a code from a text message, when they login to an account. Apple, Gmail, Twitter, and other apps and services offer two-factor authentication.