Apple Vs Epic Trial Reveals 128 Million iOS Users Were Affected By XcodeGhost Malware
Courtesy of the ongoing Epic vs. Apple trial, internal emails have come into the public domain revealing the extent of the infamous XcodeGhost malware that surfaced in 2015. According to internal emails, more than 128 million iOS users were affected.
It may seem like a distant memory, but back in 2015 a fake copy of Apple’s Xcode developer software that had been injected with malware surfaced on the web.
Developers who downloaded, used, and compiled their apps using that version of Xcode were inadvertently injecting their own apps with malware that then made it onto the iOS App Store. In total, it seems that more than 128 million users downloaded a total of 2,500 popular apps that were infected.
Dale Bagwell, who was operating as the iTunes Customer Experience Manager at that time, confirmed the extent of the issue in the emails, with another employee chiming in to confirm that China represented 55% of the affected customers and 66% of the total downloads. 18 million of the affected iOS users were based in the United States.
The emails also confirm that Apple had internal discussions about the possibility of emailing all affected customers directly but had concerns over whether or not their internal tools were capable of identifying the customers and correctly linking the downloaded apps to the correspondence.
Just want to set expectations correctly here. We have a mass-request tool that will allow us to send the emails, however we are still testing to make sure that we can accurately include the names of the apps for each customer. There have been issues with this specific functionality in the past.
At the time, a number of high-profile development teams took the opportunity to download the infected version of Xcode because Apple was experiencing slow server response times. The resolution involved having developers of infected applications recompile and resubmit their apps to the App Store via an official version of Xcode to ensure that the malware was removed.