NetFort tips and tricks - Detecting XcodeGhost Malware Activity

  • Updated 3 years ago
A LANGuardian customer recently contacted us with an interesting use case. The customer asked whether LANGuardian can monitor any of the XcodeGhost activity associated with the recent Apple malware incident.

XcodeGhost is a new iOS malware arising from a malicious version of Xcode, Apple's official tool for developing iOS and OS X apps.

According to this article, you could check HTTP or DNS traffic associated with and entries in your firewall or proxy logs.


The following method describes the steps to show any activity associated with these two website domain names. The report can be saved on the LANGuardian system as a custom report and can be re-run any time updated information is needed.

  1. Click on Reports in the LANGuardian menu bar.
  2. In the Web section, click on More >> Top Website Domains and Resources.
  3. In the Website Domain Name field (Matches regexp selected) place|
  4. Click View.
  5. When LANGuardian displays the report, click More Actions on the report menu bar and select Save Report.
  6. Enter a name and description for the report, then click Save. The new report will be listed in the Custom Reports section.

If you would like to find out more about how you can use LANGuardian to detect XcodeGhost activity, see Darragh Delaney's recent blog article.

And, of course, please contact us any time if you have any questions about detecting XcodeGhost or indeed any other aspect of network monitoring with LANGuardian.

Archived Tips & Tricks are available on the NetFort forum.


Aisling Brennan, Official Rep


Posted 3 years ago
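The same two-domain alternation can be run against exported proxy or DNS logs. The script below is an added example, not NetFort's or LANGuardian's code: the two domain names are placeholders (the ones the post refers to are missing from this page), and the log lines and their layout are constructed. It escapes the dots and anchors the pattern so that lookalike hostnames do not produce hits.

```python
import re
from collections import defaultdict

# Placeholders: the two domain names are missing from this page.
# Substitute the indicators from your own threat-intelligence source.
WATCHLIST = ["placeholder-one.example", "placeholder-two.example"]


def build_domain_regex(domains):
    """Alternation like 'a|b', with dots escaped and both ends anchored,
    so it matches each domain and its subdomains and nothing else."""
    alternatives = "|".join(re.escape(d.lower().rstrip(".")) for d in domains)
    return re.compile(r"^(?:[a-z0-9_-]+\.)*(?:" + alternatives + r")$")


# Hostname-shaped tokens; a trailing dot (DNS FQDN form) stays outside the match.
HOST_TOKEN = re.compile(r"(?<![\w.-])(?:[a-z0-9_-]+\.)+[a-z]{2,}(?![\w-])", re.I)
CLIENT_IP = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def find_hits(log_lines, domains):
    """Return {client_ip: sorted list of watchlisted hostnames it contacted}."""
    watch = build_domain_regex(domains)
    hits = defaultdict(set)
    for line in log_lines:
        client = CLIENT_IP.search(line)  # first IPv4 address on the line
        for host in HOST_TOKEN.findall(line):
            host = host.lower()
            if watch.match(host):
                hits[client.group(0) if client else "unknown"].add(host)
    return {ip: sorted(hosts) for ip, hosts in hits.items()}


# Constructed sample lines (proxy-style and DNS-query-style), not real traffic.
SAMPLE_LOG = [
    "2015-09-22T10:01:02 10.0.0.21 GET http://init.placeholder-one.example/ 200",
    "2015-09-22T10:01:05 client 10.0.0.21#53124: query: placeholder-two.example. IN A",
    # Lookalikes that an unescaped, unanchored 'a.b|c.d' pattern would also flag:
    "2015-09-22T10:02:11 10.0.0.34 GET http://placeholder-one.example.cdn.test/x 200",
    "2015-09-22T10:02:40 10.0.0.34 GET http://notplaceholder-one.example/ 200",
    "2015-09-22T10:03:00 10.0.0.55 GET http://placeholder-oneXexample.test/ 200",
]

if __name__ == "__main__":
    for ip, hosts in find_hits(SAMPLE_LOG, WATCHLIST).items():
        print(ip, ", ".join(hosts))
```

Only the first two sample lines are reported; the three lookalike hostnames are ignored because the pattern is anchored and its dots are literal.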
