XcodeGhost is iOS malware that infected at least 39 iOS apps in 2015 and potentially affected millions of users.[1][2]

ID: S0297
Platforms: iOS
Version: 1.1
Created: 25 October 2017
Last Modified: 11 December 2018

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1414 | Capture Clipboard Data | XcodeGhost can read and write data in the user’s clipboard.[2] |
| Mobile | T1411 | Input Prompt | XcodeGhost can prompt a fake alert dialog to phish user credentials.[2] |
| Mobile | T1474 | Supply Chain Compromise | XcodeGhost was injected into apps by a modified version of Xcode (Apple's software development tool).[1][2] |