S0490 XLoader for iOS
XLoader for iOS is a malicious iOS application that is capable of gathering system information.[1] It is tracked separately from XLoader for Android.
Item | Value |
---|---|
ID | S0490 |
Associated Names | |
Type | MALWARE |
Version | 1.0 |
Created | 20 July 2020 |
Last Modified | 16 October 2020 |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
mobile | T1476 | Deliver Malicious App via Other Means | XLoader for Android has been distributed via phishing SMS messages, which link to a malicious website hosting a device profile.[1] |
mobile | T1478 | Install Insecure or Malicious Configuration | XLoader for iOS has been installed via a malicious configuration profile.[1] |
mobile | T1437 | Standard Application Layer Protocol | XLoader for iOS has exfiltrated data using HTTP requests.[1] |
mobile | T1426 | System Information Discovery | XLoader for iOS can obtain the device’s UDID, version number, and product number.[1] |
mobile | T1422 | System Network Configuration Discovery | XLoader for iOS can obtain the device’s IMEI, ICCID, and MEID.[1] |