'XcodeGhost' Malware Attack in 2015 Impacted 128 Million iOS Users, According to Trial Documents

Back in 2015, a malware-infected version of Xcode began circulating in China, and malware-ridden "XcodeGhost" apps made their way into Apple's App Store and past the ‌App Store‌ review team.

XcodeGhost Featured1
There were more than 50 known infected iOS apps at the time, including major apps like WeChat, NetEase, and Didi Taxi, with up to 500 million iOS users potentially impacted. It's been a long time since the XcodeGhost attack, but Apple's trial with Epic is surfacing new details.

Trial documents highlighted by Motherboard indicate that a total of 128 million users downloaded apps with the XcodeGhost malware, including 18 million users in the United States.

XcodeGhost was one of the biggest attacks against iPhone users to date due to the number of ‌iPhone‌ users that were impacted. The 128 million impacted users got malware from downloads of more than 2,500 affected apps.

Based on emails shared in the trial, Apple worked to determine the impact of the attack and how to best notify those who downloaded infected apps. "Due to the large number of customers potentially affected, do we want to send an email to all of them?" Apple's ‌App Store‌ vice president Matt Fischer asked.

Apple did ultimately inform users that downloaded XcodeGhost apps, and also published a list of the top 25 most popular apps that were compromised. Apple removed all of the infected apps from the ‌App Store‌, and provided information to developers to help them validate Xcode going forward.

XcodeGhost was a widespread attack, but it was not effective or dangerous. At the time, Apple said that it had no information to suggest that the malware was ever used for any malicious purpose nor that sensitive personal data was stolen, but it did collect app bundle identifiers, network details, and device names and types.

Popular Stories

M4 Mac mini Ortho Silver Cooler

Amazon Leaks Smaller Mac Mini With M4 and M4 Pro Chips, Two Front USB-C Ports, Up to 64GB of RAM, and More

Monday October 28, 2024 7:16 pm PDT by
Amazon has seemingly leaked the rumored next-generation Mac mini ahead of Apple's announcement this week, revealing several details. Our concept of a smaller Mac mini According to a comparison chart on Amazon's product listing for the new iMac, the new Mac mini will be available with M4 and M4 Pro chip options, with up to a 14-core CPU and up to a 20-core GPU. In addition, the chart indicates ...
M4 iMac With Magic Accessories

Apple Announces iMac With M4 Chip, Upgraded Camera, Nano-Texture Display Option, and More

Monday October 28, 2024 8:01 am PDT by
Apple today announced that it has updated the 24-inch iMac with the M4 chip, which debuted in the iPad Pro earlier this year. This upgrade comes around one year after the previous iMac with the M3 chip was released. Subscribe to MacRumors on YouTube for more videos! As expected, the M4 chip in the iMac is available with up to a 10-core CPU and up to a 10-core GPU. Apple says the iMac with the ...
maxresdefault

Apple Announces Redesigned Mac Mini With M4 and M4 Pro Chips, Two Front USB-C Ports, and More

Tuesday October 29, 2024 8:01 am PDT by
Apple today announced fully redesigned Mac mini models featuring the M4 and M4 Pro chips, a considerably smaller casing, two front-facing USB-C ports, Thunderbolt 5 connectivity, and more. Subscribe to the MacRumors YouTube channel for more videos. The product refresh marks the first time the Mac mini has been redesigned in over a decade. The enclosure now measures just five by five inches...
apple oct 2024 mac tease

Apple Promises Two More Mac Announcements This Week Following New iMac Today

Monday October 28, 2024 11:18 am PDT by
Apple introduced a new iMac today with the M4 chip and more, but that's not all, as it still has two more Mac announcements planned this week. "This is a huge week for the Mac, and this morning, we begin a series of three exciting new product announcements that will take place over the coming days," said Apple's hardware engineering chief John Ternus, in a video announcing the new iMac....
maxresdefault

Apple Releases iOS 18.1 and iPadOS 18.1 With Apple Intelligence

Monday October 28, 2024 8:07 am PDT by
Apple today released iOS 18.1 and iPadOS 18.1, the first major updates to the iOS 18 and iPadOS 18 updates that came out in September. iOS 18.1 and iPadOS 18.1 come six weeks after the release of iOS 18 and iPadOS 18. Subscribe to the MacRumors YouTube channel for more videos. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General >...
tvOS 18 Thumb 3

Apple Releases tvOS 18.1

Monday October 28, 2024 8:04 am PDT by
Apple today released tvOS 18.1, the newest version of the tvOS 18 operating system that came out in September. tvOS 18.1 comes over a month after Apple released tvOS 18, and it is available for the Apple TV 4K and the Apple TV HD models. tvOS 18.1 can be downloaded using the Settings app on the ‌Apple TV‌. Open up Settings and go to System > Software Update to get the new software. ‌Apple...
watchOS 11 Thumb 2 1

Apple Releases watchOS 11.1

Monday October 28, 2024 8:05 am PDT by
Apple today released watchOS 11.1, the first major update to the operating system that runs on the Apple Watch. watchOS 11.1 comes one month after Apple released watchOS 11. watchOS 11.1 is compatible with the Apple Watch Series 6 and later, all Apple Watch Ultra models, and the Apple Watch SE 2. watchOS 11.1 can be downloaded on an iPhone running iOS 18.1 by opening up the Apple Watch app...
iOS 18

iOS 18.1: What You Get If You Don't Have an iPhone With Apple Intelligence

Monday October 28, 2024 3:49 pm PDT by
iOS 18.1 is the first iOS 18 update with Apple Intelligence capabilities, and that's what a lot of the coverage about the new software has focused on. If you don't have an iPhone that's capable of Apple Intelligence, you're probably wondering just what's in the update for you. While Apple Intelligence does make up the bulk of what's new, if you have an older device, you still get some solid...

Top Rated Comments

Stromos Avatar
46 months ago
Yes its so convenient to figure out which app store I need to download and install to get an app. Then provide credit card details to any and every developer that I want to purchase something. Then figure out which store I need to open to update an app. Better regularly launch the alternative stores to get updates. Oh a store was compromised which apps on my device came from that store?

No purpose to the end user at all.
Score: 20 Votes (Like | Disagree)
deevey Avatar
46 months ago

how are these companies obtaining these private emails?
The ongoing Epic / Apple.

I'd guess these emails were entered into evidence by Apple as an insight into what they actually do in term of securing the App Store, further justifying the 30% commission.
Score: 8 Votes (Like | Disagree)
ArPe Avatar
46 months ago
If phones turned into multiple App Store flea markets then half the apps installed would be these malware and spyware. Every one of you could have your money stolen or become the next Khashoggi.
Score: 6 Votes (Like | Disagree)
hot-gril Avatar
46 months ago
It's silly that Apple has to even justify the 30% commission they charge on their own platform that devs and users are free to use or not use, esp when nobody else justifies the same, but these emails are interesting to read.
Score: 6 Votes (Like | Disagree)
rjohnstone Avatar
46 months ago

It's silly that Apple has to even justify the 30% commission they charge on their own platform that devs and users are free to use or not use, esp when nobody else justifies the same, but these emails are interesting to read.
Devs are not free to use the platform. They have to pay annually to have the opportunity to be listed. Not all apps get listed. ;)
Score: 6 Votes (Like | Disagree)
Cosmosent Avatar
46 months ago
Another Nugget thanks to the trial !
Score: 6 Votes (Like | Disagree)