XcodeGhost is iOS malware that infected at least 39 iOS apps in 2015 and potentially affected millions of users. [1] [2]

ID: S0297
Platforms: iOS
Version: 1.1
Created: 25 October 2017
Last Modified: 11 December 2018

Techniques Used

Domain | ID | Name | Use
Mobile | T1414 | Capture Clipboard Data | XcodeGhost can read and write data in the user’s clipboard.[2]
Mobile | T1411 | Input Prompt | XcodeGhost can prompt a fake alert dialog to phish user credentials.[2]
Mobile | T1474 | Supply Chain Compromise | XcodeGhost was injected into apps by a modified version of Xcode (Apple's software development tool).[1][2]