S0490 XLoader for iOS
XLoader for iOS is a malicious iOS application that is capable of gathering system information.[1] It is tracked separately from XLoader for Android.
| Item | Value |
|---|---|
| ID | S0490 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.1 |
| Created | 20 July 2020 |
| Last Modified | 07 December 2021 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1646 | Exfiltration Over C2 Channel | XLoader for iOS has exfiltrated data using HTTP requests.[1] |
| mobile | T1632 | Subvert Trust Controls | - |
| mobile | T1632.001 | Code Signing Policy Modification | XLoader for iOS has been installed via a malicious configuration profile.[1] |
| mobile | T1426 | System Information Discovery | XLoader for iOS can obtain the device’s UDID, version number, and product number.[1] |
| mobile | T1422 | System Network Configuration Discovery | XLoader for iOS can obtain the device’s IMEI, ICCID, and MEID.[1] |