iPhone Malware Exposed 128 Million Users: What Is XcodeGhost and Why Was It a Security Risk?


Internal Apple e-mails exposed in the current Epic Games vs. Apple trial confirmed that 128 million consumers who downloaded over 2,500 apps were infected by the China-originated malware "XcodeGhost."

The malware came from a counterfeit copy of Xcode, Apple's development tool for iOS and OS X apps. The 2,500 infected apps had been downloaded 203 million times from the AppStore, as per 9to5Mac.

Epic Games brought Apple to court in an anti-trust trial over practices related to its AppStore, in particular the tech giant's restriction on apps offering in-app purchasing methods outside the AppStore, as well as its 30 percent cut of every purchase made in Epic's "Fortnite" game.


iPhone Malware Affecting 128 Million Users Confirmed in Internal E-mails

Dale Bagwell, a former top Apple official who was the iTunes Customer Experience Manager at the time, confirmed the internal emails in a report by Motherboard. The emails further revealed that other Apple employees discussed the breach in detail, noting that while 66 percent of the downloads came from China, around 18 million affected users were in the U.S.

In the emails, Apple officers were quoted as determined yet wary about e-mailing all affected users about the infection and the affected apps, noting that they had encountered similar issues in the past.

How XcodeGhost Malware Infected Apple Devices

The XcodeGhost malware collects information about the device hosting an infected app and uploads that data to command-and-control (C2) servers run by cybercriminals. The system and app data gathered include the current time, the infected app's name, the app's bundle identifier, the device name and type, the system language and country, and the device's universally unique identifier (UUID), as MacRumors disclosed in 2015.

Developers had looked for alternative sites from which to download Xcode, and in doing so acquired a counterfeit copy carrying the XcodeGhost malware. As a result, thousands of popular apps were affected. When Apple learned of the malware's existence, it told developers to recompile their apps with the genuine version of Xcode.

Apple iPhone Bug Fixed

Since then, Apple has made the Xcode installation process more secure and enforces malware checks before apps can be uploaded to the AppStore.

The malicious version of Xcode had been uploaded to the Chinese cloud file-sharing service Baidu in 2015 and was in turn downloaded by developers frustrated by Apple's slow servers, as MacRumors revealed. Chinese iOS developers first downloaded the fake Xcode carrying the XcodeGhost malware and unknowingly compiled iOS apps with the modified Xcode IDE. They then uploaded and distributed those infected apps on the AppStore.
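The practical defence against a counterfeit toolchain like this is to verify that the installed Xcode bundle is actually signed by Apple before building with it. The following is an added example, not code from the article or from Apple: it wraps the macOS `spctl --assess --verbose` check and interprets its output, and it assumes a macOS host with `spctl` available (the parsing function itself is pure and runs anywhere on constructed sample output).

```python
"""Verify that Xcode.app is Apple-signed (added example, not from the article).
Assumes macOS with spctl(8) for check_xcode(); parse_assessment() is pure."""
import re
import subprocess

# Sources that spctl reports for Apple-distributed software (assumption).
APPLE_SOURCES = {"Apple", "Apple System", "Mac App Store"}


def parse_assessment(output: str) -> tuple[bool, str]:
    """Interpret `spctl --assess --verbose <app>` output.

    Returns (ok, reason). ok is True only if the bundle was accepted AND the
    signing source is Apple's own; a counterfeit Xcode either fails the
    assessment outright or reports a different signing source.
    """
    lines = [ln.strip() for ln in output.strip().splitlines() if ln.strip()]
    if not lines:
        return False, "no assessment output"
    verdict = lines[0].rsplit(":", 1)[-1].strip()
    if verdict != "accepted":
        return False, f"assessment verdict: {verdict}"
    source = None
    for line in lines[1:]:
        m = re.match(r"source=(.+)$", line)
        if m:
            source = m.group(1).strip()
    if source is None:
        return False, "accepted but no signing source reported"
    if source not in APPLE_SOURCES:
        return False, f"signed by unexpected source: {source}"
    return True, f"accepted, source={source}"


def check_xcode(path: str = "/Applications/Xcode.app") -> tuple[bool, str]:
    """Run spctl on a real bundle (macOS only) and interpret the result."""
    proc = subprocess.run(["spctl", "--assess", "--verbose", path],
                          capture_output=True, text=True)
    # spctl exits non-zero on rejection; the message may land on either stream.
    return parse_assessment(proc.stdout + proc.stderr)


# Constructed sample outputs (not captured from any real machine):
GENUINE = "/Applications/Xcode.app: accepted\nsource=Apple\n"
COUNTERFEIT = "/Applications/Xcode.app: rejected\nsource=no usable signature\n"

if __name__ == "__main__":
    ok, why = check_xcode()
    print("TRUSTED" if ok else "NOT TRUSTED", "-", why)
```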

The infected apps still passed Apple's app review process, which allowed users to install or update them on iPhone, iPad, and iPod Touch models running a compatible iOS version.

As part of the Epic vs. Apple trial, testimony from an App Store executive revealed details of how the iOS app review process currently operates.
