S0297 XcodeGhost
XcodeGhost is iOS malware that infected at least 39 iOS apps in 2015 and potentially affected millions of users.[1][2]
| Item | Value |
|---|---|
| ID | S0297 |
| Type | MALWARE |
| Version | 1.0 |
| Created | 25 October 2017 |
| Last Modified | 24 October 2022 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1414 | Clipboard Data | XcodeGhost can read and write data in the user’s clipboard.[2] |
| mobile | T1417 | Input Capture | - |
| mobile | T1417.002 | GUI Input Capture | XcodeGhost can prompt a fake alert dialog to phish user credentials.[2] |
| mobile | T1474 | Supply Chain Compromise | - |
| mobile | T1474.001 | Compromise Software Dependencies and Development Tools | XcodeGhost was injected into apps by a modified version of Xcode (Apple’s software development tool).[1][2] |
References
1. Claud Xiao. (2015, September 17). Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store. Retrieved December 21, 2016.
2. Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016.