
128M iOS users were affected by 2015 XcodeGhost malware

A total of 128 million iOS users downloaded apps that were affected by the XcodeGhost malware in 2015, according to emails revealed during the Epic Games v. Apple trial.

The XcodeGhost malware was inserted into otherwise legitimate applications to mine user data in a coordinated campaign in 2015. Although the malware was quickly stopped, details about the full impact of the attack remained murky.

However, emails published as part of the Epic v. Apple trial have finally given us a clearer picture of the scope of the hack. In total, 128 million users downloaded the more than 2,500 tainted applications. About 18 million of those users were in the U.S., according to Vice, which first spotted the emails.

In addition to revealing the magnitude of the hack, the emails also detail how Apple scrambled to work out how serious it was and notify victims.

"Due to the large number of customers potentially affected, do we want to send an email to all of them?" said Matt Fischer, vice president of the App Store. "Note that this will pose some challenges in terms of language localizations of the email, since the downloads of these apps took place in a wide variety of App Store storefronts around the world."

Dale Bagwell, Apple's iTunes customer experience manager at the time, agreed that a mass notification would be challenging.

"Just want to set expectations correctly here. We have a mass-request tool that will allow us to send the emails, however we are still testing to make sure that we can accurately include the names of the apps for each customer," Bagwell wrote.

Bagwell also brought up some of the limitations of the tool, including the fact that sending a mass batch of emails to 128 million people could take up to a week.

Although the malware was widespread on the App Store, it wasn't particularly sophisticated or dangerous. At the time, Apple said it didn't have any information to suggest it was used to do anything malicious or harvest personally identifiable information.

The incident led Apple to acquire SourceDNA, a startup specializing in malware detection.