There is thought to currently be a large scale attack on Apple's app store. The hackers created a counterfeit version of Apple's software for building iOS apps, which they persuaded developers to download.
Apps compiled using the tool allow the attackers to steal data about users and send it to servers they control.
Cybersecurity firm Palo Alto Networks - which has analysed the malware dubbed XcodeGhost - said the perpetrators would also be able to send fake alerts to infected devices to trick their owners into revealing information.
It added they could also read and alter information in compromised devices' clipboards, which would potentially allow them to see logins copied to and from password management tools.
Infected apps included Tencent's hugely popular WeChat app and Didi Kuaidi's Uber-like car hailing app.
Apple's spokeswoman Christine Monaghan has since commented, "We've removed the apps from the app store that we know have been created with this counterfeit software".