'XcodeGhost' Malware Attack in 2015 Impacted 128 Million iOS Users, According to Trial Documents

by

Back in 2015, a malware-infected version of Xcode began circulating in China, and malware-ridden "XcodeGhost" apps made their way into Apple's App Store and past the ‌App Store‌ review team.

XcodeGhost Featured1
There were more than 50 known infected iOS apps at the time, including major apps like WeChat, NetEase, and Didi Taxi, with up to 500 million iOS users potentially impacted. It's been a long time since the XcodeGhost attack, but Apple's trial with Epic is surfacing new details.

Trial documents highlighted by Motherboard indicate that a total of 128 million users downloaded apps with the XcodeGhost malware, including 18 million users in the United States.

XcodeGhost was one of the biggest attacks against iPhone users to date due to the number of ‌iPhone‌ users that were impacted. The 128 million impacted users got malware from downloads of more than 2,500 affected apps.

Based on emails shared in the trial, Apple worked to determine the impact of the attack and how to best notify those who downloaded infected apps. "Due to the large number of customers potentially affected, do we want to send an email to all of them?" Apple's ‌App Store‌ vice president Matt Fischer asked.

Apple did ultimately inform users that downloaded XcodeGhost apps, and also published a list of the top 25 most popular apps that were compromised. Apple removed all of the infected apps from the ‌App Store‌, and provided information to developers to help them validate Xcode going forward.

XcodeGhost was a widespread attack, but it was not effective or dangerous. At the time, Apple said that it had no information to suggest that the malware was ever used for any malicious purpose nor that sensitive personal data was stolen, but it did collect app bundle identifiers, network details, and device names and types.

Tag: Epic Games vs. Apple Guide

Popular Stories

iOS 26

15 New Things Your iPhone Can Do in iOS 26.2

Friday December 5, 2025 9:40 am PST by
Apple is about to release iOS 26.2, the second major point update for iPhones since iOS 26 was rolled out in September, and there are at least 15 notable changes and improvements worth checking out. We've rounded them up below. Apple is expected to roll out iOS 26.2 to compatible devices sometime between December 8 and December 16. When the update drops, you can check Apple's servers for the ...
Read Full Article51 comments
Intel Inside iPhone Feature

Apple's Return to Intel Rumored to Extend to iPhone

Friday December 5, 2025 10:08 am PST by
Intel is expected to begin supplying some Mac and iPad chips in a few years, and the latest rumor claims the partnership might extend to the iPhone. In a research note with investment firm GF Securities this week, obtained by MacRumors, analyst Jeff Pu said he and his colleagues "now expect" Intel to reach a supply deal with Apple for at least some non-pro iPhone chips starting in 2028....
Read Full Article151 comments
iPhone 14 Pro Dynamic Island

iPhone 18 Pro Leak Adds New Evidence for Under-Display Face ID

Monday December 8, 2025 4:54 am PST by
Apple is actively testing under-screen Face ID for next year's iPhone 18 Pro models using a special "spliced micro-transparent glass" window built into the display, claims a Chinese leaker. According to "Smart Pikachu," a Weibo account that has previously shared accurate supply-chain details on Chinese Android hardware, Apple is testing the special glass as a way to let the TrueDepth...
Read Full Article69 comments
iPhone 17 Pro Cosmic Orange

10 Reasons to Wait for Next Year's iPhone 18 Pro

Monday December 1, 2025 2:40 am PST by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models at the same time, which is why we often get rumored features months ahead of launch. The iPhone 18 series is no different, and we already have a good idea of what to expect for the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth...
Read Full Article107 comments
iOS 26

Apple Seeds Second iOS 26.2 Release Candidate to Developers and Public Beta Testers

Monday December 8, 2025 10:18 am PST by
Apple today seeded the second release candidate version of iOS 26.2 to developers and public beta testers, with the software coming one week after Apple seeded the first RC. The release candidate represents the final version iOS 26.2 that will be provided to the public if no further bugs are found. Registered developers and public beta testers can download the betas from the Settings app on...
Read Full Article46 comments
Johny Srouji

Apple Chip Chief Johny Srouji Could Be Next to Go as Exodus Continues

Sunday December 7, 2025 10:41 am PST by
Apple's senior vice president of hardware technologies Johny Srouji could be the next leading executive to leave the company amid an alarming exodus of leading employees, Bloomberg's Mark Gurman reports. Srouji apparently recently told CEO Tim Cook that he is "seriously considering leaving" in the near future. He intends to join another company if he departs. Srouji leads Apple's chip design ...
Read Full Article379 comments
Johny Srouji

Apple's Chipmaking Chief Johny Srouji Responds to Report About Him Potentially Leaving

Monday December 8, 2025 9:23 am PST by
Apple's chipmaking chief Johny Srouji has reportedly indicated that he plans to continue working for the company for the foreseeable future. "I love my team, and I love my job at Apple, and I don't plan on leaving anytime soon," said Srouji, in a memo obtained by Bloomberg's Mark Gurman. Here is Srouji's full memo, as shared by Bloomberg:I know you've been reading all kind of rumors and...
Read Full Article82 comments
top stories 2025 12 04a

Top Stories: iOS 26.2 Coming Soon, Apple Execs Depart, and More

Saturday December 6, 2025 6:00 am PST by
You'd expect things to be starting to wind down for the holidays by now, but that doesn't seem to be the case yet in the world of Apple news, with Apple just about ready to release iOS 26.2 and other operating system updates to the public. There was also a flurry of news this week about Apple executive departures, some expected and some not so expected, while we also learned that Apple and...
Read Full Article8 comments
ive and altman

Jony Ive's OpenAI Device Barred From Using 'io' Name

Friday December 5, 2025 6:22 am PST by
A U.S. appeals court has upheld a temporary restraining order that prevents OpenAI and Jony Ive's new hardware venture from using the name "io" for products similar to those planned by AI audio startup iyO, Bloomberg Law reports. iyO sued OpenAI earlier this year after the latter announced its partnership with Ive's new firm, arguing that OpenAI's planned "io" branding was too close to its...
Read Full Article55 comments

Top Rated Comments

Stromos Avatar
Stromos
60 months ago
Yes its so convenient to figure out which app store I need to download and install to get an app. Then provide credit card details to any and every developer that I want to purchase something. Then figure out which store I need to open to update an app. Better regularly launch the alternative stores to get updates. Oh a store was compromised which apps on my device came from that store?

No purpose to the end user at all.
Score: 20 Votes (Like | Disagree)
deevey Avatar
deevey
60 months ago

how are these companies obtaining these private emails?
The ongoing Epic / Apple.

I'd guess these emails were entered into evidence by Apple as an insight into what they actually do in term of securing the App Store, further justifying the 30% commission.
Score: 8 Votes (Like | Disagree)
ArPe Avatar
ArPe
60 months ago
If phones turned into multiple App Store flea markets then half the apps installed would be these malware and spyware. Every one of you could have your money stolen or become the next Khashoggi.
Score: 6 Votes (Like | Disagree)
hot-gril Avatar
hot-gril
60 months ago
It's silly that Apple has to even justify the 30% commission they charge on their own platform that devs and users are free to use or not use, esp when nobody else justifies the same, but these emails are interesting to read.
Score: 6 Votes (Like | Disagree)
rjohnstone Avatar
rjohnstone
60 months ago

It's silly that Apple has to even justify the 30% commission they charge on their own platform that devs and users are free to use or not use, esp when nobody else justifies the same, but these emails are interesting to read.
Devs are not free to use the platform. They have to pay annually to have the opportunity to be listed. Not all apps get listed. ;)
Score: 6 Votes (Like | Disagree)
Cosmosent Avatar
Cosmosent
60 months ago
Another Nugget thanks to the trial !
Score: 6 Votes (Like | Disagree)
Read All Comments