XcodeGhost Malware Discovered in 2015 Impacted 128 Million iOS Users

Documents submitted in a court case involving Apple revealed that the XcodeGhost malware discovered in 2015 impacted 128 million iOS users.

The information was uncovered in emails provided recently as part of the antitrust trial between Epic Games and Apple. The game maker filed a lawsuit against the tech giant last year in a California court over its App Store practices, specifically related to Apple removing Epic’s hit game, Fortnite, from the App Store for allegedly violating terms of contract.

The published emails (a link is provided by Ars Technica) show exchanges between Apple employees, including executives, discussing the XcodeGhost incident and the steps the company should take in response.

XcodeGhost is a piece of malware designed to inject malicious code into iOS and OS X applications through rogue versions of Xcode, Apple’s integrated development platform for creating iOS and macOS software. The attackers had delivered the rogue Xcode via third-party websites aimed at Chinese developers.

When the malware was first discovered, cybersecurity companies and independent researchers spotted more than 4,000 iOS applications that had been compromised by XcodeGhost. No malicious OS X apps were seen in the wild.

The malicious iOS apps allowed attackers to collect information about the hacked devices and open arbitrary URLs. However, the malware did not appear to target sensitive user information from devices.

Apple at the time removed the malicious applications from the App Store and provided information for developers on how to determine if the version of Xcode they were using was legitimate.

The emails sent internally by Apple following the incident reveal that Apple had identified more than 2,500 malicious apps that had been downloaded 203 million times from the App Store. The tech giant determined that roughly 128 million customers had been impacted.

While more than half of the affected users were in China, Apple had identified 18 million customers in the United States that had also been impacted. The company debated whether or not it should directly notify all 128 million affected users, but it seems that ultimately it decided not to.

SecurityWeek has reached out to Apple for comment and will update this article if the company responds.

UPDATE: Apple said it kept its users informed about the issue and provided them with information on the steps they could take, but did not say whether it directly notified them.

The company also said it worked with developers at the time to help them publish clean versions of their apps and push the updated versions to customers.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
