Security researchers have both good and bad news about the recently reported outbreak of XcodeGhost apps infecting Apple’s App Store. The bad: the infection was bigger than previously reported and dates back to April. The good: affected apps are more akin to adware than security-invading malware.
“XCodeGhost seems to be far more widespread than initially assumed,” researchers from security firm Appthority wrote in a blog post published Monday. “We were able to identify 476 affected apps for our customers from within our database–which is far more than the initial finding of around 40 apps would suggest.”
As the graph at the top of this post shows, the outbreak started in April and has steadily gained momentum over the following five months. It’s surprising that such a large number of apps were able to violate Apple’s stringent App Store policies for such an extended period of time. Researchers from competing security firm FireEye, meanwhile, reported finding 4,000 iOS apps infected by XcodeGhost. Neither firm identified the apps or say if they focused on Chinese-speaking users as most in the earlier batch did.