Back in 2015, a malware-infected version of Xcode began circulating in China, and malware-ridden "XcodeGhost" apps made their way into Apple's App Store and past the App Store review team.
There were more than 50 known infected iOS apps at the time, including major apps like WeChat, NetEase, and Didi Taxi, with up to 500 million iOS users potentially impacted. It's been a long time since the XcodeGhost attack, but Apple's trial with Epic is surfacing new details.
Trial documents highlighted by Motherboard indicate that a total of 128 million users downloaded apps with the XcodeGhost malware, including 18 million users in the United States.
XcodeGhost was one of the biggest attacks against iPhone users to date due to the number of iPhone users that were impacted. The 128 million impacted users got malware from downloads of more than 2,500 affected apps.
Based on emails shared in the trial, Apple worked to determine the impact of the attack and how to best notify those who downloaded infected apps. "Due to the large number of customers potentially affected, do we want to send an email to all of them?" Apple's App Store vice president Matt Fischer asked.
Apple did ultimately inform users that downloaded XcodeGhost apps, and also published a list of the top 25 most popular apps that were compromised. Apple removed all of the infected apps from the App Store, and provided information to developers to help them validate Xcode going forward.
XcodeGhost was a widespread attack, but it was not effective or dangerous. At the time, Apple said that it had no information to suggest that the malware was ever used for any malicious purpose nor that sensitive personal data was stolen, but it did collect app bundle identifiers, network details, and device names and types.