'XcodeGhost' Malware Attack in 2015 Impacted 128 Million iOS Users, According to Trial Documents

by

Back in 2015, a malware-infected version of Xcode began circulating in China, and malware-ridden "XcodeGhost" apps made their way into Apple's App Store and past the ‌App Store‌ review team.

XcodeGhost Featured1
There were more than 50 known infected iOS apps at the time, including major apps like WeChat, NetEase, and Didi Taxi, with up to 500 million iOS users potentially impacted. It's been a long time since the XcodeGhost attack, but Apple's trial with Epic is surfacing new details.

Trial documents highlighted by Motherboard indicate that a total of 128 million users downloaded apps with the XcodeGhost malware, including 18 million users in the United States.

XcodeGhost was one of the biggest attacks against iPhone users to date due to the number of ‌iPhone‌ users that were impacted. The 128 million impacted users got malware from downloads of more than 2,500 affected apps.

Based on emails shared in the trial, Apple worked to determine the impact of the attack and how to best notify those who downloaded infected apps. "Due to the large number of customers potentially affected, do we want to send an email to all of them?" Apple's ‌App Store‌ vice president Matt Fischer asked.

Apple did ultimately inform users that downloaded XcodeGhost apps, and also published a list of the top 25 most popular apps that were compromised. Apple removed all of the infected apps from the ‌App Store‌, and provided information to developers to help them validate Xcode going forward.

XcodeGhost was a widespread attack, but it was not effective or dangerous. At the time, Apple said that it had no information to suggest that the malware was ever used for any malicious purpose nor that sensitive personal data was stolen, but it did collect app bundle identifiers, network details, and device names and types.

Tag: Epic Games vs. Apple Guide

Top Rated Comments

Stromos Avatar
Stromos
34 months ago
Yes its so convenient to figure out which app store I need to download and install to get an app. Then provide credit card details to any and every developer that I want to purchase something. Then figure out which store I need to open to update an app. Better regularly launch the alternative stores to get updates. Oh a store was compromised which apps on my device came from that store?

No purpose to the end user at all.
Score: 20 Votes (Like | Disagree)
deevey Avatar
deevey
34 months ago

how are these companies obtaining these private emails?
The ongoing Epic / Apple.

I'd guess these emails were entered into evidence by Apple as an insight into what they actually do in term of securing the App Store, further justifying the 30% commission.
Score: 8 Votes (Like | Disagree)
ArPe Avatar
ArPe
34 months ago
If phones turned into multiple App Store flea markets then half the apps installed would be these malware and spyware. Every one of you could have your money stolen or become the next Khashoggi.
Score: 6 Votes (Like | Disagree)
hot-gril Avatar
hot-gril
34 months ago
It's silly that Apple has to even justify the 30% commission they charge on their own platform that devs and users are free to use or not use, esp when nobody else justifies the same, but these emails are interesting to read.
Score: 6 Votes (Like | Disagree)
rjohnstone Avatar
rjohnstone
34 months ago

It's silly that Apple has to even justify the 30% commission they charge on their own platform that devs and users are free to use or not use, esp when nobody else justifies the same, but these emails are interesting to read.
Devs are not free to use the platform. They have to pay annually to have the opportunity to be listed. Not all apps get listed. ;)
Score: 6 Votes (Like | Disagree)
Cosmosent Avatar
Cosmosent
34 months ago
Another Nugget thanks to the trial !
Score: 6 Votes (Like | Disagree)
Read All Comments

Popular Stories

apple card 1

Apple Ending Apple Card Partnership With Goldman Sachs

Tuesday November 28, 2023 3:09 pm PST by
Apple is ending its credit card partnership with Goldman Sachs, according to The Wall Street Journal. Apple plans to stop working with Goldman Sachs in the next 12 to 15 months, and it is not yet clear if Apple has established a new partnership for the Apple Card. Apple and Goldman Sachs will dissolve their entire consumer partnership, including the Apple Card and the Apple Savings account....
Read Full Article423 comments
iOS 17

Everything New in iOS 17.2 Beta 4

Tuesday November 28, 2023 12:18 pm PST by
Apple is wrapping up development on iOS 17.2, with the update expected to come out in December. While we're getting to the end of the beta testing period, Apple is still tweaking features and adding new functionality. We've rounded up everything new in the fourth beta of iOS 17.2. Default Notification Sound Under Sounds & Haptics, there's a new "Default Alerts" section that allows you to ...
Read Full Article39 comments
ios 17 namedrop

Police Departments and News Sites Spreading Misinformation About How iOS 17 NameDrop Feature Works

Monday November 27, 2023 5:11 pm PST by
Apple with iOS 17.1 and watchOS 10.1 introduced a new NameDrop feature that is designed to allow users to place Apple devices near one another to quickly exchange contact information. Sharing contact information is done with explicit user permission, but some news organizations and police departments have been spreading misinformation about how NameDrop functions. As noted by The Washington...
Read Full Article139 comments
All New CarPlay Five New Features Article 2

What to Expect From All-New CarPlay, Still Listed as Coming 'Late 2023'

Tuesday November 28, 2023 7:44 am PST by
At WWDC in June 2022, Apple previewed the next generation of CarPlay, promising deeper integration with vehicle functions like A/C and FM radio, support for multiple displays across the dashboard, increased personalization, and more. Apple's website still says the first vehicles with support for the next-generation CarPlay experience will be announced in "late 2023," but it has not shared...
Read Full Article95 comments
iOS 17

iOS 17.1.2 Update for iPhone Likely to Be Released This Week

Monday November 27, 2023 8:24 am PST by
Apple will likely release iOS 17.1.2 this week, based on mounting evidence of the software in our website's analytics logs in recent days. As a minor update, iOS 17.1.2 should be focused on bug fixes, but it's unclear exactly which issues might be addressed. Some users have continued to experience Wi-Fi issues on iOS 17.1.1, so perhaps iOS 17.1.2 will include the same fix for Wi-Fi...
Read Full Article55 comments
Apple 5G Modem Feature Triad

Apple to Discontinue Custom 5G Modem Development, Claim Reports

Wednesday November 29, 2023 4:19 am PST by
Apple is discontinuing in-house modem development after several unsuccessful attempts to perfect its own custom 5G modem chip, according to unconfirmed reports coming out of Asia. According to the operator of news aggregator account "yeux1122" on the Naver blog, supply chain sources related to Apple's 5G modem departments claim that the company's attempts to develop its own modem have...
Read Full Article222 comments
Apple Logo

Apple Discontinued These 5 Products This Year

Monday November 27, 2023 7:03 am PST by
As the end of 2023 nears, now is a good opportunity to look back at some of the devices and accessories that Apple discontinued throughout the year. Apple products discontinued in 2023 include the iPhone 13 mini, 13-inch MacBook Pro, MagSafe Battery Pack, MagSafe Duo Charger, and leather accessories. Also check out our lists of Apple products discontinued in 2022 and 2021. iPhone Mini ...
Read Full Article
Google Drive

Some Google Drive Users' Files Have Mysteriously Vanished

Tuesday November 28, 2023 3:55 am PST by
Google Drive users have been warned not to disconnect their account within the Google Drive for desktop app, after a spate of reports of files going missing from the cloud service. Alarm bells began ringing last week on Google's community support site when some users reported files mysteriously disappearing from Google Drive, with some posters claiming six or more months of data had...
Read Full Article90 comments