A staggering 128 million iOS users worldwide installed malware on their iPhones in 2015


Emails published as part of the Epic Games v. Apple experiment have revealed that as early as 2015, 128 million iOS users installed more than 2,500 infected applications affected by the XcodeGhost malware. The malware was placed in apps that appeared to be legitimate, and at the time it was believed to be the biggest hack against iPhone users based on the number of people. Of the 128 million users mentioned above, 18 million were from the United States

128 million iOS users installed more than 2,500 malware-infected apps in 2015, including popular titles like WeChat and Angry Birds 2

The malware was used to extract data from iOS users, and Dale Bagwell, Apple’s director of iTunes customer experience, said 203 million of these more than 2,500 malware applications were downloaded. Another Apple employee wrote in an email that “China represents 55% of customers and 66% of downloads. As you can see, in the United States, this affects a significant number (18 million customers).”

The malware was meant to be able to capture victims ’personal information, including the name of the infected application, the name and type of the device, network information, and more. In frequently asked questions, Apple wrote, “We are not aware of the impact of personally identifiable customer information, nor was the code able to request customer information to obtain iCloud and other service passwords” and that “the malware could only have been able to provide some general information such as applications and general system information.”

Other emails reported that Apple was trying to figure out the importance of hacking and how it told victims about it. Matt Fischer, vice president of Apple’s App Store, wondered if Apple wanted to send email to all customers affected by hacking. Fischer wrote: “Note that this poses some challenges to the localization of the email language, as these applications were downloaded in a wide variety of App Store stores around the world.”

Bagwell replied that alerting all potential victims could be a problem and that sending an email to each victim could take some time. While Apple said it would tell every victim of hacking, apparently it wasn’t. And in 2015, Apple said in online frequently asked questions (which can no longer be found) that “We work closely with developers to get impressive apps back to the App Store as quickly as possible so customers can enjoy them.”

Security company Lookout said at the time that “the creators of XcodeGhost repackaged Xcode installers with malware and posted installation links to many popular iOS / OS X developer forums.” Lookout explained that “developers were enticed to download this covert version of Xcode because it downloaded in China much faster than the official version of Xcode from Apple’s Mac App Store.”

Some applications that included the XcodeGhost malware included popular titles such as WeChat and the Chinese version of Angry Birds 2. Although the malware affected a large number of users, the malware itself was not considered advanced or dangerous.


Leave feedback about this

  • Rating

Flying in Style: Explore the World’s Tiniest Jets! How Fast Is a Private Flight? Master the Skies with Your Private Jet License with Easy Steps! Top 8 Best Private Jet Companies Your Ultimate Guide to Private Jet Memberships!