Emails published as part of the Epic Games v. Apple experiment have revealed that as early as 2015, 128 million iOS users installed more than 2,500 infected applications affected by the XcodeGhost malware. The malware was placed in apps that appeared to be legitimate, and at the time it was believed to be the biggest hack against iPhone users based on the number of people. Of the 128 million users mentioned above, 18 million were from the United States
128 million iOS users installed more than 2,500 malware-infected apps in 2015, including popular titles like WeChat and Angry Birds 2
Other emails reported that Apple was trying to figure out the importance of hacking and how it told victims about it. Matt Fischer, vice president of Apple’s App Store, wondered if Apple wanted to send email to all customers affected by hacking. Fischer wrote: “Note that this poses some challenges to the localization of the email language, as these applications were downloaded in a wide variety of App Store stores around the world.”
Security company Lookout said at the time that “the creators of XcodeGhost repackaged Xcode installers with malware and posted installation links to many popular iOS / OS X developer forums.” Lookout explained that “developers were enticed to download this covert version of Xcode because it downloaded in China much faster than the official version of Xcode from Apple’s Mac App Store.”
Some applications that included the XcodeGhost malware included popular titles such as WeChat and the Chinese version of Angry Birds 2. Although the malware affected a large number of users, the malware itself was not considered advanced or dangerous.