XLoader for iOS

XLoader for iOS is a malicious iOS application that is capable of gathering system information.[1] It is tracked separately from the XLoader for Android.

ID: S0490
Type: MALWARE
Platforms: iOS
Version: 1.1
Created: 20 July 2020
Last Modified: 07 December 2021

Techniques Used

Domain ID Name Use
Mobile T1646 Exfiltration Over C2 Channel

XLoader for iOS has exfiltrated data using HTTP requests.[1]

Mobile T1632 .001 Subvert Trust Controls: Code Signing Policy Modification

XLoader for iOS has been installed via a malicious configuration profile.[1]

Mobile T1426 System Information Discovery

XLoader for iOS can obtain the device’s UDID, version number, and product number.[1]

Mobile T1422 System Network Configuration Discovery

XLoader for iOS can obtain the device’s IMEM, ICCID, and MEID.[1]

References