
S0297 XcodeGhost

XcodeGhost is iOS malware that infected at least 39 iOS apps in 2015 and potentially affected millions of users.[1][2]

| Item | Value |
|---|---|
| ID | S0297 |
| Associated Names | |
| Version | 1.1 |
| Created | 25 October 2017 |
| Last Modified | 11 December 2018 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1414 | Capture Clipboard Data | XcodeGhost can read and write data in the user’s clipboard.[2] |
| mobile | T1411 | Input Prompt | XcodeGhost can prompt a fake alert dialog to phish user credentials.[2] |
| mobile | T1474 | Supply Chain Compromise | XcodeGhost was injected into apps by a modified version of Xcode (Apple’s software development tool).[1][2] |

