Over 128M iOS Users Affected By XcodeGhost Malware
More than 128 million iOS users were allegedly affected by the “XcodeGhost” malware, which first surfaced in 2015 and was responsible for injecting malicious code into several iPhone and iPad apps that were subsequently uploaded to the App Store.
Internal Apple emails revealed during the Epic Games vs Apple trial show that 128 million consumers had downloaded more than 2,500 apps infected by the malware, which came from a fake copy of Xcode.
In total, these 2,500 infected apps were downloaded more than 203 million times from the App Store, reports Motherboard.
An employee mentioned that “China represents 55 percent of customers and 66 percent of downloads,” also referring to the “XcodeGhost” malware.
The emails published as part of the Epic v. Apple trial have finally given a clearer picture of the scope of the hack. In total, 128 million users downloaded the more than 2,500 tainted applications. About 18 million of those users were in the U.S., according to Vice, which first spotted the emails.
In addition to revealing the magnitude of the hack, the emails also detail how Apple scrambled to work out how serious it was and notify victims.
“Due to the large number of customers potentially affected, do we want to send an email to all of them?” said Matt Fischer, vice president of the App Store. “Note that this will pose some challenges in terms of language localizations of the email, since the downloads of these apps took place in a wide variety of App Store storefronts around the world.”
Dale Bagwell, Apple’s iTunes customer experience manager at the time, agreed that a mass notification would be challenging.
“Just want to set expectations correctly here. We have a mass-request tool that will allow us to send the emails, however we are still testing to make sure that we can accurately include the names of the apps for each customer,” Bagwell wrote.
Bagwell also brought up some of the limitations of the tool, including the fact that sending a mass batch of emails to 128 million people could take up to a week.
Although the malware was widespread on the App Store, it wasn’t particularly sophisticated or dangerous. At the time, Apple said it didn’t have any information to suggest it was used to do anything malicious or harvest personally identifiable information.
The incident led Apple to acquire SourceDNA, a startup specializing in malware detection.