XcodeGhost Malware Discovered in 2015 Impacted 128 Million iOS Users

Documents submitted in a court case involving Apple revealed that the XcodeGhost malware discovered in 2015 impacted 128 million iOS users.

The information was uncovered in emails provided recently as part of the antitrust trial between Epic Games and Apple. The game maker filed a lawsuit against the tech giant last year in a California court over its App Store practices, specifically related to Apple removing Epic’s hit game, Fortnite, from the App Store for allegedly violating terms of contract.

The published emails (a link is provided by Ars Technica) show exchanges between Apple employees, including executives, discussing the XcodeGhost incident and the steps the company should take in response.

XcodeGhost is a piece of malware designed to inject malicious code into iOS and OS X applications through rogue versions of Xcode, Apple’s integrated development platform for creating iOS and macOS software. The attackers had delivered the rogue Xcode via third-party websites aimed at Chinese developers.

When the malware was first discovered, cybersecurity companies and independent researchers spotted more than 4,000 iOS applications that had been compromised by XcodeGhost. No malicious OS X apps were seen in the wild.

The malicious iOS apps allowed attackers to collect information about the hacked devices and open arbitrary URLs. However, the malware did not appear to target sensitive user information from devices.

Apple at the time removed the malicious applications from the App Store and provided information for developers on how to determine if the version of Xcode they were using was legitimate.

The emails sent internally by Apple following the incident reveal that Apple had identified more than 2,500 malicious apps that had been downloaded 203 million times from the App Store. The tech giant determined that roughly 128 million customers had been impacted.

While more than half of the affected users were in China, Apple had identified 18 million customers in the United States that had also been impacted. The company debated whether or not it should directly notify all 128 million affected users, but it seems that ultimately it decided not to.

SecurityWeek has reached out to Apple for comment and will update this article if the company responds.

UPDATE: Apple said it kept its users informed about the issue and provided them with information on the steps they could take, but did not say whether it directly notified them.

The company also said it worked with developers at the time to help them publish clean versions of their apps and push the updated versions to customers.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
