Skip to content

S0490 XLoader for iOS

XLoader for iOS is a malicious iOS application that is capable of gathering system information.1 It is tracked separately from the XLoader for Android.

Item Value
ID S0490
Associated Names
Version 1.1
Created 20 July 2020
Last Modified 07 December 2021
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1646 Exfiltration Over C2 Channel XLoader for iOS has exfiltrated data using HTTP requests.1
mobile T1632 Subvert Trust Controls -
mobile T1632.001 Code Signing Policy Modification XLoader for iOS has been installed via a malicious configuration profile.1
mobile T1426 System Information Discovery XLoader for iOS can obtain the device’s UDID, version number, and product number.1
mobile T1422 System Network Configuration Discovery XLoader for iOS can obtain the device’s IMEM, ICCID, and MEID.1