XcodeGhost malware infected 128 million iOS devices

Documents released as part of the antitrust litigation between Epic Games and Apple show that the XcodeGhost malware, detected in 2015, infected more than 128 million iOS devices in total.

Let me remind you that last year the game manufacturer filed a lawsuit against Apple, as the latter removed the game Fortnite from the App Store, allegedly due to a violation of the terms of the contract.

Information about XcodeGhost was contained in emails that are now in the public domain. In them, Apple employees discuss the XcodeGhost incident and possible steps the company should take.

The XcodeGhost malware was first spotted in 2015, when it was discovered that hackers had tampered with the Xcode developer tool, releasing their own version dubbed XcodeGhost.

As a result, all applications built with XcodeGhost turned out to be unsafe for users. As soon became clear, there were more than 4,000 such applications, according to the documents.

Then Apple removed the malicious apps from the App Store and posted instructions for developers that they could use to determine the legitimacy of their version of Xcode.

Now it turns out that when Apple identified over 2,500 malicious apps, they had been downloaded from the App Store over 203,000,000 times. According to the estimates of the company's specialists, about 128 million users around the world suffered from the malware. More than half of the victims were in China, but Apple also identified 18 million victims in the United States.

In a leaked email, company employees discuss whether or not to directly notify all 128 million people of the problem, and it appears that Apple ultimately decided not to inform them.

Apple representatives told SecurityWeek that they are constantly informing their users about the problem and providing them with all the necessary information, but the company did not specify whether the victims were directly notified of XcodeGhost.

Appthority experts found that the changes XcodeGhost made to application code were not the worst possible. The malware did not try to extract users' personal data or passwords for iCloud and other services. The researchers concluded that it is more like adware.

"The framework itself does not contain code for displaying login fields or notifications that can be used to phish personal data (the notification window does not contain text input fields). The only possible way to carry out a phishing attack using this framework is to force the server to open a URL leading to a malicious site," Appthority experts said.

Let me remind you that we also reported that Apple lost a court case against the startup Corellium.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
