XLoader for iOS

XLoader for iOS is a malicious iOS application that is capable of gathering system information.[1] It is tracked separately from XLoader for Android.

ID: S0490
Platforms: iOS
Version: 1.0
Created: 20 July 2020
Last Modified: 16 October 2020

Techniques Used

| Domain | ID | Name | Use |
|--------|----|------|-----|
| Mobile | T1476 | Deliver Malicious App via Other Means | XLoader for Android has been distributed via phishing SMS messages, which link to a malicious website hosting a device profile.[1] |
| Mobile | T1478 | Install Insecure or Malicious Configuration | XLoader for iOS has been installed via a malicious configuration profile.[1] |
| Mobile | T1437 | Standard Application Layer Protocol | XLoader for iOS has exfiltrated data using HTTP requests.[1] |
| Mobile | T1426 | System Information Discovery | XLoader for iOS can obtain the device’s UDID, version number, and product number.[1] |
| Mobile | T1422 | System Network Configuration Discovery | XLoader for iOS can obtain the device’s IMEI, ICCID, and MEID.[1] |