XLoader for iOS is a malicious iOS application that is capable of gathering system information.^[1] It is tracked separately from the XLoader for Android.

ID: S0490

Type: MALWARE

Platforms: iOS

Version: 1.0

Created: 20 July 2020

Last Modified: 16 October 2020

Version Permalink

Live Version

Techniques Used

Domain	ID	Name	Use
Mobile	T1476	Deliver Malicious App via Other Means	XLoader for Android has been distributed via phishing SMS messages, which link to a malicious website hosting a device profile.^[1]
Mobile	T1478	Install Insecure or Malicious Configuration	XLoader for iOS has been installed via a malicious configuration profile.^[1]
Mobile	T1437	Standard Application Layer Protocol	XLoader for iOS has exfiltrated data using HTTP requests.^[1]
Mobile	T1426	System Information Discovery	XLoader for iOS can obtain the device’s UDID, version number, and product number.^[1]
Mobile	T1422	System Network Configuration Discovery	XLoader for iOS can obtain the device’s IMEM, ICCID, and MEID.^[1]

References

Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020.

XLoader for iOS

Mobile Layer

Techniques Used

References