XcodeGhost is a new iOS malware arising from a malicious version of Xcode, Apple's official tool for developing iOS and OS X apps.
According to this article, you can check your firewall or proxy logs for HTTP or DNS traffic associated with the init.icloud-analysis.com and init.crash-analytics.com domain names.
The following method describes the steps to report any activity associated with these two website domain names. The report can be saved on the LANGuardian system as a custom report and re-run any time updated information is needed.
- Click on Reports in the LANGuardian menu bar.
- In the Web section, click on More >> Top Website Domains and Resources.
- In the Website Domain Name field (Matches regexp selected) place icloud-analysis.com|crash-analytics.com
- Click View.
- When LANGuardian displays the report, click More Actions on the report menu bar and select Save Report.
- Enter a name and description for the report, then click Save. The new report will be listed in the Custom Reports section.
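As an added example (not part of this page or of the LANGuardian product), the same regular expression applied outside LANGuardian to exported proxy and DNS log lines, with the host name extracted first so that the pattern is matched only against the domain name field and not against a URL path. The log format and the sample lines are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Same pattern as the LANGuardian "Matches regexp" field, with the dots
# escaped so they match literal dots, a leading boundary so subdomains such
# as init.icloud-analysis.com match, and a trailing boundary so that a
# host like icloud-analysis.company.example does not.
XCODEGHOST_DOMAINS = re.compile(
    r"(?:^|\.)(icloud-analysis\.com|crash-analytics\.com)(?=$|[/:\s])",
    re.IGNORECASE,
)

# Constructed sample lines (assumed format, not real captures):
#   proxy: "<epoch> <client_ip> <method> <url>"
#   dns:   "<epoch> <client_ip> query <qname>"
# Line 3 only carries the domain in the URL path, line 5 has it as a
# prefix of an unrelated host; neither should be reported.
SAMPLE_LOG = """\
1442916001 10.0.0.15 GET http://init.icloud-analysis.com/
1442916002 10.0.0.15 query init.icloud-analysis.com
1442916003 10.0.0.22 GET https://www.example.com/crash-analytics.com
1442916004 10.0.0.31 query init.crash-analytics.com
1442916005 10.0.0.40 GET http://icloud-analysis.company.example/
"""


def extract_host(field):
    """Return the host name from a URL, or the bare DNS query name."""
    m = re.match(r"[a-z]+://([^/:]+)", field, re.IGNORECASE)
    return (m.group(1) if m else field).lower().rstrip(".")


def find_xcodeghost_activity(log_text):
    """Return {matched_domain: {client_ip: hit_count}} over the log lines."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        client_ip, target = parts[1], parts[3]
        m = XCODEGHOST_DOMAINS.search(extract_host(target))
        if m:
            hits[m.group(1).lower()][client_ip] += 1
    return {domain: dict(clients) for domain, clients in hits.items()}


if __name__ == "__main__":
    for domain, clients in find_xcodeghost_activity(SAMPLE_LOG).items():
        print(domain, clients)
```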
If you would like to find out more about how you can use LANGuardian to detect XcodeGhost activity, see Darragh Delaney's recent blog article.
And, of course, please contact us any time if you have any questions about detecting XcodeGhost or indeed any other aspect of network monitoring with LANGuardian.
Archived Tips & Tricks are available on the NetFort forum.