The XcodeGhost malware spread to millions of iPhones

According to documents published in the Epic Games-Apple lawsuit, the malware attack took place in 2015 with about 128 million iPhone and iPad devices being infected.

The XcodeGhost malware was spread by hackers through the hidden installation of a version of Xcode programming software, then sharing on forums for iOS developers. Some of these malicious applications at that time included many popular names such as WeChat, the Chinese version of Angry Birds 2. Statistics show that about 2,500 applications were infected with malware and up to 203 million. users who downloaded these anti-malware applications

Security experts believe that the XcodeGhost malware can collect information such as infected application name, device model, network information and some other data. Later, Apple said it did not record data associated with the user's identity, or the iCloud login password was collected.

After the problem was discovered, Apple asked developers to use the official version of Xcode to compile the app before re-releasing it on the App Store. According to 9to5mac , Apple also strengthens the security process when installing Xcode, checking the application's malicious code before releasing it on the App Store after the incident.