Register to stream ATT&CKcon 2.0 October 29-30


XcodeGhost is iOS malware that infected at least 39 iOS apps in 2015 and potentially affected millions of users. [1] [2]

ID: S0297
Platforms: iOS
Version: 1.1

Techniques Used

Domain ID Name Use
Mobile T1414 Capture Clipboard Data XcodeGhost can read and write data in the user’s clipboard. [2]
Mobile T1474 Supply Chain Compromise XcodeGhost was injected into apps by a modified version of Xcode (Apple's software development tool). [1] [2]
Mobile T1411 User Interface Spoofing XcodeGhost can prompt a fake alert dialog to phish user credentials. [2]