In 2015 the XcodeGhost has injected malware into various iPhone and iPad apps, and afterward, these apps were uploaded to the App Store.
Recently through an email from Dale Bagwell, confirmed that nearly 128 million users had already downloaded more than 2,500 apps, which were infected by the XcodeGhost malware.
Affected users from all over the world
Among 128 million users, 18 million users belong to the United States. In a report, Apple stated that back at that time XcodeGhost was one of the most extensive attacks against iPhone users.
However, at that time the XcodeGhost malware was quickly stopped, but the clear details regarding the impact and attack remained unclear.
But this email gave a clear picture of the attack and its impact. Apart from this, the email also stated that how Apple tried to figure out the seriousness of the attack so that they can eventually notify the victims.
According to the security researchers of Apple, the hackers have directly attacked the XCode installer files which were eventually hosted on Baidu’s servers in China.
The hackers of this malware ensured that any new application for either iOS or OSX must get created with the infected compliers of the malware.
After being created, the app will eventually get infected from the time of its formation, and later it will get uploaded to the App Store or the Mac App Store.
Apple informed the affected users
This malware has attacked many applications and users, thus Apple has started wondering that how they will notify the users regarding the hack.
Matt Fisher, vice president of the App Store, thought about an email procedure to notify the users because there were a larger number of users who got affected by this malware.
But sending an email will create some problems in terms of the language localization of email, as there are many users from different parts of the world who got affected by this malware.
However, with the help of the bulk request tool, Apple has manifested to send emails, but they are still testing the correct way of procedure to put the application name.
Apple servers were running slow, and that’s why various developers looked for an alternative link to download the link, thus developer from all over the world has downloaded the infected Xcode.
After getting notified regarding the malware attack, Apple immediately suggested the developers redraft the application with a legitimate version of Xcode.
However, sending emails to 128 million users will take a week of time to reach them but there is no other option to notify the users. Apart from this Apple is trying its best to know all the key details regarding the ‘XcodeGhost” malware.
Apple is not yet confirmed that why the hackers have attacked this application, whether it has been done as a malicious act or it was done for the purpose of collecting the personal information of the users.
Moreover, Apple has not clearly reported or said that how many apps they had discovered till now. On the other side, Chinese security company Qihoo360 said that they have discovered 344 applications that are affected by the XcodeGhost malware.