1. Home
  2. Software
  3. XcodeGhost

XcodeGhost

XcodeGhost is iOS malware that infected at least 39 iOS apps in 2015 and potentially affected millions of users. [1] [2]

ID: S0297
Type: MALWARE
Version: 1.0
Created: 25 October 2017
Last Modified: 24 October 2022
Version Permalink
Mobile Layer
download view

Techniques Used

Domain ID Name Use
Mobile T1414 Clipboard Data

XcodeGhost can read and write data in the user’s clipboard.[2]
Mobile T1417 .002 Input Capture: GUI Input Capture

XcodeGhost can prompt a fake alert dialog to phish user credentials.[2]
Mobile T1474 .001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools

XcodeGhost was injected into apps by a modified version of Xcode (Apple's software development tool).[1][2]

References

  1. Claud Xiao. (2015, September 17). Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store. Retrieved December 21, 2016.
  1. Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016.