Skip to content

S0297 XcodeGhost

XcodeGhost is iOS malware that infected at least 39 iOS apps in 2015 and potentially affected millions of users. 1 2

Item Value
ID S0297
Version 1.0
Created 25 October 2017
Last Modified 24 October 2022
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1414 Clipboard Data XcodeGhost can read and write data in the user’s clipboard.2
mobile T1417 Input Capture -
mobile T1417.002 GUI Input Capture XcodeGhost can prompt a fake alert dialog to phish user credentials.2
mobile T1474 Supply Chain Compromise -
mobile T1474.001 Compromise Software Dependencies and Development Tools XcodeGhost was injected into apps by a modified version of Xcode (Apple’s software development tool).12