It's particularly sneaky, too. While Apple has already pulled relevant apps from the App Store, it doesn't need them to stick around to work. Also, it's not so easy for Apple to catch offenders in the approval process. The example apps purposefully limited their hostile behavior to users located in China, so App Store screeners in California weren't likely to spot any malicious activity.

Palo Alto reported the issue to Apple in late February, but it's not clear whether there's a permanent solution in the works. We've reached out to Apple for details, and we'll let you know if it has something to share. Either way, the practical risk is low in the short term -- don't install Aisi Helper or similar apps. The concern is that intruders will take advantage of inexperienced users, or that a more sophisticated future attack won't require that you install a program first.