A whopping 128 million iOS users worldwide installed malware on their iPhones back in 2015
Emails that have been published as part of the Epic Games v. Apple trial have revealed that back in 2015, 128 million iOS users installed 2,500+ infected apps that were affected by the XcodeGhost malware. The malware was placed inside apps that appeared to be legitimate and at the time it was believed to be the largest hack against iPhone users based on the number of people affected. Of the aforementioned 128 million users impacted, 18 million were from the U.S.
128 million iOS users installed 2500+ malware infected apps in 2015 including popular titles like WeChat and Angry Birds 2
The malware was used to mine data from iOS users and Dale Bagwell, Apple's manager of iTunes customer experience, said that there were 203 million downloads of the those 2500+ malware-laden apps. Another Apple employee wrote in an email that "China represents 55% of customers and 66% of downloads. As you can see, a significant number (18 million customers) are affected in the US."
One of the apps filled with malware was the Angry Birds 2 game
The malware was supposed to be able to grab personal information from victims including the name of the infected app, the name and type of the device, network information and more. In its FAQ site, Apple wrote, "we’re not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords," and that the "malicious code could only have been able to deliver some general information such as the apps and general system information."
Other emails indicated that Apple was trying to figure out the importance of the hack, and how it would tell the victims about it. Matt Fischer, Apple's vice president for the App Store, wondered whether Apple wanted to send an email to all of its customers affected by the hack. Fischer wrote, "Note that this will pose some challenges in terms of language localizations of the email, since the downloads of these apps took place in a wide variety of App Store storefronts around the world."
Bagwell responded that alerting all of the potential victims could be a problem, and that sending an email to each of the victims could take some time. While Apple said that it would tell every victim of the hack, that apparently wasn't the case. And back in 2015, Apple said in an FAQ online (that can no longer be found) that "We’re working closely with developers to get impacted apps back on the App Store as quickly as possible for customers to enjoy."
Security firm Lookout said at the time that, "XcodeGhost’s creators repackaged Xcode installers with the malicious code and published links to the installer on many popular forums for iOS/OS X developers." Lookout explained that "Developers were enticed into downloading this tampered version of Xcode because it would download much faster in China than the official version of Xcode from Apple’s Mac App Store."
Some of the apps that contained the XcodeGhost malware included popular titles at the time such as WeChat, and the Chinese version of Angry Birds 2. While the malware did impact a large number of users, the malware itself was not considered sophisticated or dangerous.