Apple has said it is taking steps to remove malicious code added to a number of apps commonly used on iPhones and iPads in China.
It is thought to be the first large-scale attack on Apple’s App Store.
The hackers had created a counterfeit version of Apple’s software for building iOS apps, which it persuaded developers to download.
Apps compiled using the software could steal data about the users and send it to servers controlled by the hackers.
In addition, the attackers could send fake alerts to infected devices to trick their owners into revealing passwords and other information.
The infected applications includes Tencent’s hugely popular WeChat app, a music downloading app and an Uber-like car hailing app.
Some of the affected apps – including the business card scanner CamCard – are also available outside China.
An Apple spokeswoman said apps created using the counterfeit software, XcodeGhost, had now been removed from the App Store.
“We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,” said Christine Monaghan.