Researchers at FireEye observed 210 enterprises with XcodeGhost-infected applications running inside their networks that generated more than 28,000 attempts to connect to the XcodeGhost Command and Control (CnC) servers, according to a Nov. 3 blog post.
While the majority of the malware’s callback attempts were to CnC servers in Germany, 33 percent were made to U.S. servers.
“70 percent of the victims within our customer base remain on older iOS versions,” researchers said in the blog. “We encourage them to update to the latest version iOS 9 as quickly as possible.”
Infections have been spotted in a wide range of industries; however, 65 percent were in the education sector when the researchers sorted infections by callback attempts to XcodeGhost CnC servers from inside the firm’s networks, according to the blog. High-tech, manufacturing and telecom sectors were also targeted but at a much lower frequency, the blog said.