Internal emails reveal 128 million iOS users were impacted by 2015 ‘XcodeGhost’ malware attack

In 2015, a modified copy of Xcode that surfaced on the web injected malware into a number of iPhone and iPad apps that were then uploaded to the App Store. At the time, the extent of the damage this malware caused was unknown. However, emails brought forth during the Epic Games v. Apple trial revealed that a total of 128 million iOS users downloaded apps that were affected by the XcodeGhost malware.

At the time, more than 2,500 iOS apps were infected by XcodeGhost, including major apps like WeChat, NetEase, and more, with up to 500 million iOS users potentially impacted. Though the malware was dealt with swiftly, Apple did not offer additional details regarding the attack. However, emails brought forth in the Epic v. Apple trial revealed that a total of 128 million users downloaded the applications. About 18 million of those users were in the United States.

In addition to revealing the size of the hack caused by XcodeGhost, the emails also detail how the Cupertino tech giant worked to determine the impact of the attack and how to best notify users who downloaded infected apps.

“Due to the large number of customers potentially affected, do we want to send an email to all of them?” said Matt Fischer, vice president of the App Store. “Note that this will pose some challenges in terms of language localizations of the email since the downloads of these apps took place in a wide variety of App Store storefronts around the world.”

Apple’s iTunes customer experience manager at the time, Dale Bagwell, agreed that a mass notification would be challenging. Bagwell also highlighted some of the limitations of the mass-request tool, including the fact that sending a huge batch of emails to 128 million people could take up to a week.

“Just want to set expectations correctly here. We have a mass-request tool that will allow us to send the emails, however, we are still testing to make sure that we can accurately include the names of the apps for each customer,” Bagwell wrote.

Although the malware was widespread and affected a significant number of users on the App Store, it was not considered dangerous. At the time of the XcodeGhost attack, Apple said it did not have any information to suggest that the modified copy of Xcode was used for malicious purposes.

The incident led Apple to reinforce the security of the Xcode installation process and the malware scanning process when submitting apps to the App Store. Following the attack, the tech giant also acquired SourceDNA, a startup specializing in malware detection.

via Vice

About the Author

Asma is an editor at iThinkDifferent with a strong focus on social media, Apple news, streaming services, guides, mobile gaming, app reviews, and more. When not blogging, Asma loves to play with her cat, draw, and binge on Netflix shows.