128 Million Apple Users Unknowingly Downloaded Malware in 2015

App Store logo

Emails published in the Epic v Apple trial on Friday revealed that 128 million users downloaded malware from the App Store in 2015 (via Vice).

App Store Malware

In 2015 malware was inserted into thousands of apps in the App Store. Known as “XCodeGhost” the initial estimate was that 4,000 apps were affected. These apps stole device and user information and sent it to a command-and-control (CnC) server.

An email from Dale Bagwell, Apple’s iTunes customer experience manager at the time, said: “In total, 128M customers have downloaded the 2500+ apps that were affected LTD. Those customers drove 203M downloads of the 2500+ affected apps LTD.”

Apple employees discussed whether to notify the victims by email or not, a challenge where the company would have to “accurately include the names of the apps for each customer.” It would also take up to a week to notify all 128 million users.

The company told Motherboard Friday that it kept users informed, but did not specifically say they notified every single victim.

In an FAQ site about the incident, Apple said it didn’t believe the malware was actually used, or that it had actually stolen personal data other than “apps and general system information.”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.