The sub-techniques beta is now live! Read the release blog post for more info.
SOFTWARE
SOFTWARE
1-9
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
Y-Z
  1. Home
  2. Software
  3. XcodeGhost

XcodeGhost

XcodeGhost is iOS malware that infected at least 39 iOS apps in 2015 and potentially affected millions of users. [1] [2]

ID: S0297
Type: MALWARE
Platforms: iOS
Version: 1.1
Created: 25 October 2017
Last Modified: 11 December 2018
Mobile Layer
download view

Techniques Used

Domain ID Name Use
Mobile T1414 Capture Clipboard Data

XcodeGhost can read and write data in the user’s clipboard.[2]
Mobile T1411 Input Prompt

XcodeGhost can prompt a fake alert dialog to phish user credentials.[2]
Mobile T1474 Supply Chain Compromise

XcodeGhost was injected into apps by a modified version of Xcode (Apple's software development tool).[1][2]

References

  1. Claud Xiao. (2015, September 17). Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store. Retrieved December 21, 2016.
  1. Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016.