The malware, called XcodeGhost, was first identified by a number of internet security firms and is the first large-scale attack of its type to hit Apple.
The malware is hidden in the code used by app developers, meaning that genuine apps on iPhones and iPads are affected by the attack, however, no serious data breaches are said to have occurred from it.
"We've removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps," Apple spokeswoman Christine Monaghan told Reuters.
One internet security firm, Palo Alto Networks, said just five malicious apps had managed to get past Apple's review process - which is known to be stringent - and make it into the app store previously.
The affected apps are largely Chinese, including certain versions of the hugely popular messaging service WeChat and Didi Kuaidi, the ride-hailing app which is a rival to Uber in the country, with one security company estimating several hundred have been affected.