XcodeGhost malware infected 128 million iOS devices

As part of the antitrust litigation between Epic Games and Apple, documents were released according to which detected in 2015 XcodeGhost malware overall infected more than 128 million iOS devices.

Information about XcodeGhost was contained in emails that are now in the public domain. In them, Apple employees discuss the XcodeGhost incident and possible steps the company should take.

The XcodeGhost malware was first spotted in 2015, when was discovered that hackers had tampered with the Xcode developer tool, releasing their own version dubbed XcodeGhost.

Then Apple removed the malicious apps from the App Store and posted instructions for developers that they could use to determine the legitimacy of their version of Xcode.

Now it turns out that when Apple identified over 2,500 malicious apps, they were downloaded from the App Store over 203,000,000 times. According to the estimates of the company’s specialists, about 128 million users around the world have suffered from the malware. More than half of the victims were in China, but Apple also identified 18 million victims in the United States.

In a leaked email, company employees are discussing whether or not to directly notify all 128 million people of the problem, and it appears that Apple ultimately made the decision not to inform them.

Apple representatives told SecurityWeek that they are constantly informing their users about the problem and providing them with all the necessary information, but the company did not specify whether the victims were directly notified of XcodeGhost.

The Appthority experts found out that XcodeGhost made not the worst changes to the application code. Malware did not try to extract personal data from users, or passwords from iCloud and other services. The researchers concluded that it is more of an adware.

Let me remind you that we also reported that Apple lost court case against startup Corellium.