A few weeks ago it was disclosed that hundreds of iOS apps hosted by Apple’s Chinese App Store had been infected by malware, including the Chinese build of Rovio’s Angry Birds 2. There is evidence that these infected apps have been in the App Store since last April.
Apple has taken steps to remove/update these apps, and has confirmed this infection was limited to apps downloaded in mainland China, Taiwan, Hong Kong or Macau. The malware was introduced by a counterfeit copy of Xcode (dubbed XcodeGhost), which iOS app developers in China downloaded from P2P sites, thinking it was legit. Affected developers claimed they grabbed this copy of Xcode because downloading it from Apple’s official (US-based) site took too long. Apple has since patched this security hole, and is now hosting local Xcode downloads in China.
The infected apps were able to push users to websites, but were not able to access user data on the iOS device. Apple has posted a write-up of what happened at http://www.apple.com/cn/xcodeghost.