'XcodeGhost' Malware Attack in 2015 Impacted 128 Million iOS Users, According to Trial Documents

Back in 2015, a malware-infected version of Xcode began circulating in China, and malware-ridden "XcodeGhost" apps made their way into Apple's App Store and past the ‌App Store‌ review team.

XcodeGhost Featured1
There were more than 50 known infected iOS apps at the time, including major apps like WeChat, NetEase, and Didi Taxi, with up to 500 million iOS users potentially impacted. It's been a long time since the XcodeGhost attack, but Apple's trial with Epic is surfacing new details.

Trial documents highlighted by Motherboard indicate that a total of 128 million users downloaded apps with the XcodeGhost malware, including 18 million users in the United States.

XcodeGhost was one of the biggest attacks against iPhone users to date due to the number of ‌iPhone‌ users that were impacted. The 128 million impacted users got malware from downloads of more than 2,500 affected apps.

Based on emails shared in the trial, Apple worked to determine the impact of the attack and how to best notify those who downloaded infected apps. "Due to the large number of customers potentially affected, do we want to send an email to all of them?" Apple's ‌App Store‌ vice president Matt Fischer asked.

Apple did ultimately inform users that downloaded XcodeGhost apps, and also published a list of the top 25 most popular apps that were compromised. Apple removed all of the infected apps from the ‌App Store‌, and provided information to developers to help them validate Xcode going forward.

XcodeGhost was a widespread attack, but it was not effective or dangerous. At the time, Apple said that it had no information to suggest that the malware was ever used for any malicious purpose nor that sensitive personal data was stolen, but it did collect app bundle identifiers, network details, and device names and types.

Top Rated Comments

Stromos Avatar
7 months ago
Yes its so convenient to figure out which app store I need to download and install to get an app. Then provide credit card details to any and every developer that I want to purchase something. Then figure out which store I need to open to update an app. Better regularly launch the alternative stores to get updates. Oh a store was compromised which apps on my device came from that store?

No purpose to the end user at all.
Score: 20 Votes (Like | Disagree)
deevey Avatar
7 months ago

how are these companies obtaining these private emails?
The ongoing Epic / Apple.

I'd guess these emails were entered into evidence by Apple as an insight into what they actually do in term of securing the App Store, further justifying the 30% commission.
Score: 8 Votes (Like | Disagree)
ArPe Avatar
7 months ago
If phones turned into multiple App Store flea markets then half the apps installed would be these malware and spyware. Every one of you could have your money stolen or become the next Khashoggi.
Score: 6 Votes (Like | Disagree)
hot-gril Avatar
7 months ago
It's silly that Apple has to even justify the 30% commission they charge on their own platform that devs and users are free to use or not use, esp when nobody else justifies the same, but these emails are interesting to read.
Score: 6 Votes (Like | Disagree)
rjohnstone Avatar
7 months ago

It's silly that Apple has to even justify the 30% commission they charge on their own platform that devs and users are free to use or not use, esp when nobody else justifies the same, but these emails are interesting to read.
Devs are not free to use the platform. They have to pay annually to have the opportunity to be listed. Not all apps get listed. ;)
Score: 6 Votes (Like | Disagree)
Cosmosent Avatar
7 months ago
Another Nugget thanks to the trial !
Score: 6 Votes (Like | Disagree)

Related Stories

fortnite apple featured

Epic Games vs. Apple Trial Begins With Opening Remarks Underway

Monday May 3, 2021 9:05 am PDT by
The first day of the bench trial between Fortnite creator Epic Games and Apple is officially underway, with the companies delivering opening remarks before District Judge Yvonne Gonzalez Rogers in a Northern California courtroom. The saga dates back to August 2020, when Apple removed Fortnite from the App Store after Epic Games introduced a direct payment option in the app for its in-game...
appstore

Phil Schiller on App Store Knockoffs in 2012: 'Is No One Reviewing These Apps?'

Thursday May 6, 2021 1:49 pm PDT by
Knockoff apps have long been a problem in the App Store, with scam apps sneaking past reviewers to compete with genuine apps and steal sales, and back in 2012, Apple's Phil Schiller was absolutely furious when a fake app made it to the top of the App Store rankings, according to documents shared in the Epic v. Apple trial. At the time, Temple Run was a super popular iOS exclusive title, and...
apple app store page

Apple Exec: We Feature Competitors' Apps 'All The Time' on the App Store

Friday May 7, 2021 5:05 am PDT by
On May 3, the Epic Games vs. Apple trial got underway, and every day, new emails between Apple executives and employees continue to be shared by Epic as evidence for its case against Apple. In the latest batch of emails, the vice president of the App Store, Matt Fischer, claims that Apple features apps made by its competitors "all the time" on the store and rejects the sentiment that it...
app store safe secure

Study Finds Up to 2% of Top 1,000 Paid Apps on App Store Were Scams

Monday June 7, 2021 6:33 am PDT by
Apple has used its app review process as a bulwark in recent legal assaults on its App Store policy, and put particular emphasis on the security benefits for iOS users when buying apps. However, an investigation has found that almost 2% of the top 1,000 highest grossing apps on a given day were some sort of scam. According to The Washington Post, which conducted the investigation, scam apps...
timcookantitrust

Tim Cook 'Practicing for Hours' Ahead of Epic Games Testimony Expected This Week

Monday May 17, 2021 4:17 am PDT by
So far, Apple CEO Tim Cook has taken a backseat in defending Apple as it faces a significant legal battle with Epic Games regarding the App Store. While the CEO has commented on the platform in the past, for the first time this week, Tim Cook will take center stage in his company's battle with Epic Games. Apple in March submitted its list of executives that will testify during the trial...
fortnite apple featured

Apple Earned Over $100 Million From Fortnite

Wednesday May 19, 2021 12:02 pm PDT by
Apple collected more than $100 million in revenue from the 30 percent cut that it takes from Fortnite in-app purchases, according to testimony provided by App Store gaming business development head Michael Schmid, who shared the detail in the ongoing Epic v. Apple trial. As noted by Bloomberg, Schmid offered the $100 million figure as a rough estimate, and declined to provide a specific...
apple park drone june 2018 2

Unreleased MacBook Schematics Stolen in $50 Million Ransomware Attack on Apple Supplier

Wednesday April 21, 2021 2:47 am PDT by
As Apple held its "Spring Loaded" event where it unveiled brand new iPad Pros, a redesigned iMac, and the long-awaited release of AirTags, one of its main MacBook suppliers was undergoing a ransomware attack worth $50 million. As reported by Bloomberg, the ransomware group called REvil, publicly declared early on Tuesday that it had accessed the internal computers of Apple supplier Quanta...
app store blue banner

App Store Ecosystem Responsible for Estimated $643 Billion in Billings and Sales in 2020, According to Apple-Commissioned Study

Wednesday June 2, 2021 10:00 am PDT by
The App Store ecosystem facilitated an estimated $643 billion in billings and sales in 2020, an increase of 24 percent year-over-year, according to an Apple-commissioned study done by Analysis Group economists. [PDF] The study, "A Global Perspective on the Apple App Store Ecosystem," comes as Apple awaits a decision in its ongoing trial with Epic Games, much of which focused on App Store...
app store blue banner

Judge Grills Tim Cook on App Store Policies as End of of Epic Games v. Apple Trial Approaches

Friday May 21, 2021 12:48 pm PDT by
Apple CEO Tim Cook testified in the Epic Games v. Apple trial today, and some of the final questioning by Judge Yvonne Gonzalez-Rogers did not appear to go in Apple's favor. She spent several minutes grilling Cook on Apple's App Store policies and some of the statements that he made. "You said you want to give users control, so what's the problem with allowing users to have a cheaper option...
app store blue banner

Apple Highlights How the App Store Prevents Fraud Amid Legal Battle With Epic Games

Tuesday May 11, 2021 10:00 am PDT by
Apple today announced that, through a combination of automated technologies and human review processes, the company protected customers from more than $1.5 billion in potentially fraudulent transactions in 2020. Apple said secure payment technologies like Apple Pay and StoreKit (In-App Purchase) play an essential role in keeping users safe:With online data breaches frustratingly common,...