Internal Apple e-mails exposed in the current Epic Games vs. Apple trial confirmed that 128 million consumers who downloaded over 2,500 apps were infected by the China-originated malware "XcodeGhost."
The malware came from a bogus copy of Xcode, which is Apple's developing tool for iOS and OS X apps. The 2,500 infected apps had been downloaded 203 million times from the AppStore, as per 9to5Mac.
Epic Games brought Apple to court in an anti-trust trial, particularly practices related to its AppStore such as the tech giant's restrictions on apps from having other in-app purchasing methods not part of the AppStore, as well as its 30 percent cut with every purchase of its "Fortnite" game.
iPhone Malware Affecting 128 Million Users Confirmed in Internal E-mails
A former top Apple official Dale Bagwell, who was the iTunes Customer Experience Manager at that time, confirmed the internal emails in a report on Motherboard. Other Apple employees mentioned the breach in detail, saying that while 66 percent of the downloads came from China, around 18 million affected users came from the U.S., the emails further revealed.
In the emails, officers were quoted as adamant yet wary to send e-mails to all affected users about the infection and the apps affected, saying they encountered similar issues in the past.
How XcodeGhost Malware Infected Apple Devices
This XcodeGhost malware collects information about the devices that host them and upload those data to command and control (C2) servers run by cybercriminals. System and app data gathered include current time, infected app's name, app's bundle identifier, device name and type, system language and country, and the device's universally unique identifier (UUID), as Macrumors disclosed in 2015.
Developers had looked for alternative sites to download the Xcode, and because of this, they had acquired a fictitious copy with the XcodeGhost malware. Because of this, thousands of popular apps were affected. When Apple learned of the malware's existence, it told developers to recompile the apps with the genuine version of XCode.
Apple iPhone Bug Fixed
Since then, Apple made the installation process of Xcode more secure, while enforcing malware checks before uploading apps to the AppStore.
The malicious version of Xcode had been uploaded to Chinese cloud file sharing service Baidu in 2015, and was in turn downloaded by developers burdened by Apple's slow servers, as Macrumors revealed. Chinese iOS developers first downloaded the fake Xcode with the XcodeGhost malware and inadvertently compiled iOS apps using the modified Xcode IDE. They then subsequently uploaded and distributed those infected apps on the AppStore.
The apps still passed Apple's code review process, and this enabled users to install or update infected apps on their iPhone, iPad, and iPod Touch models running an iOS version compatible with the infected apps.
As part of the Epic vs Apple trial, testimony from an App Store head bared an iOS app review process currently ongoing.