‘XcodeGhost’ Malware Attack in 2015 Impacted 128 Million iOS Users, According to Trial Documents

Back in 2015, a malware-infected version of Xcode started circulating in China, and malware-ridden “XcodeGhost” apps made their way into Apples App Store and past the App Store evaluation team.
There were more than 50 known infected iOS apps at the time, consisting of significant apps like WeChat, NetEase, and Didi Taxi, with as much as 500 million iOS users potentially impacted. Its been a long period of time since the XcodeGhost attack, but Apples trial with Epic is emerging brand-new information.
Trial files highlighted by Motherboard show that a total of 128 million users downloaded apps with the XcodeGhost malware, consisting of 18 million users in the United States.
XcodeGhost was one of the biggest attacks against iPhone users to date due to the variety of iPhone users that were impacted. The 128 million affected users got malware from downloads of more than 2,500 affected apps.
Based on emails shared in the trial, Apple worked to determine the impact of the attack and how to best inform those who downloaded contaminated apps. “Due to the a great deal of customers possibly affected, do we want to send out an email to all of them?” Apples App Store vice president Matt Fischer asked.
Apple did ultimately inform users that downloaded XcodeGhost apps, and also published a list of the top 25 most popular apps that were jeopardized. Apple eliminated all of the contaminated apps from the App Store, and offered information to developers to assist them verify Xcode moving forward.
XcodeGhost was a widespread attack, but it was ineffective or harmful. At the time, Apple stated that it had no information to recommend that the malware was ever used for any malicious function nor that delicate personal information was taken, however it did gather app package identifiers, network details, and device names and types.