An email published as part of Epic Games v. Apple revealed that in 2015, 128 million iOS users installed 2,500+ apps infected with the XcodeGhost malware.
The malware was placed inside an app that appeared to be official, and at the time it was believed to be the biggest hack of iPhone users based on the number of people affected.
Of the 128 million users affected, 18 million were in the US.
The malware is used to mine data from iOS users. Dale Bagwell, Apple’s iTunes customer experience manager, said that there were 203 million downloads of the 2,500+ malware-laden apps.
Another Apple employee wrote in the email that China represented 55 percent of customers and 66 percent of downloads. A large number (18 million subscribers) were affected in the US.
The malware is supposed to be able to retrieve personal information from victims, including the name of the infected application, device name and type, network information, and more.
“We are not aware that personally identifiable customer data is affected and the code also does not have the ability to request customer credentials to obtain iCloud and other service passwords,” Apple wrote on its website.
The malicious code can provide only general information, such as application and system information.
Another email indicated that Apple was trying to gauge the significance of the hack and work out how it would inform victims about it.
Matt Fischer, Apple’s vice president for the App Store, wondered if Apple wanted to email all of its customers who were affected by the hack.
“Note that this will pose some challenges in terms of localization of the email language because the download of this application takes place in various App Store storefronts around the world,” Fischer wrote.
Bagwell replied that telling all potential victims could be problematic, and emailing each victim could take some time.
While Apple said it would notify every victim of the hack, that apparently did not happen.
“We are working with developers to return the affected applications to the App Store as quickly as possible for customers to enjoy,” Apple said on its official website.
“The XcodeGhost creators repackaged the Xcode installer with malicious code and published links to the installer on many popular forums for iOS / OS X developers,” security firm Lookout said.
Lookout explains that developers were drawn to this tampered version of Xcode because it downloaded much faster in China than the official version of Xcode from Apple’s Mac App Store.
Some of the applications containing the XcodeGhost malware were popular titles at the time, such as WeChat and the Chinese version of Angry Birds 2.
Although the malware affected a large number of users, the malware itself is not considered sophisticated or dangerous.