Lazy developers downloaded a fake version of Xcode and then used it to publish real apps to the real App Store.
There is not much more to say about this. I understand 12 year old Timmy torrenting Xcode because he doesn’t know any better, but real actual developers of popular apps? FFS, that is a rookie error.
The most high profile app to be affected is WeChat. Not a fan. WeChat claims that it was on older version that was affected but just to be safe, update your apps. (Or delete them.)
This friendly commenter said it best: