XcodeGhost is iOS malware that infected at least 39 iOS apps in 2015 and potentially affected millions of users. [1] [2]

ID: S0297
Version: 1.0
Created: 25 October 2017
Last Modified: 24 October 2022

Techniques Used

| Domain | ID | Name | Use |
|--------|----|------|-----|
| Mobile | T1414 | Clipboard Data | XcodeGhost can read and write data in the user’s clipboard.[2] |
| Mobile | T1417.002 | Input Capture: GUI Input Capture | XcodeGhost can prompt a fake alert dialog to phish user credentials.[2] |
| Mobile | T1474.001 | Supply Chain Compromise: Compromise Software Dependencies and Development Tools | XcodeGhost was injected into apps by a modified version of Xcode (Apple's software development tool).[1][2] |