Harmless “malware” for iPhone (training only!)

This example demonstrates how to simulate questionable behaviours on iOS using Xcode, without causing harm. It’s ideal for detection drills and basic static analysis practice.

Tools you’ll need

What it simulates

  • Writing data to suspicious locations

  • Making unusual network requests

  • Logging overly verbose or creepy messages

  • Requesting excessive permissions (e.g., camera + location)

How to build it

  1. Open Xcode, create a new iOS App project (Swift or Obj-C)

  2. Name it FakeiOSMalware

  3. In ViewController.swift, add:

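import UIKit

class ViewController: UIViewController {
    override func viewDidLoad() {
        super.viewDidLoad()

        // Fake data exfil: drop a marker file in the app's temporary directory
        let data = "Totally not private info".data(using: .utf8)
        let dir = FileManager.default.temporaryDirectory
        let fileURL = dir.appendingPathComponent("leaked.txt")
        try? data?.write(to: fileURL)

        // Fake network ping. App Transport Security blocks cleartext http://
        // by default, so without an ATS exception in Info.plist the request
        // fails and only the error is logged.
        if let url = URL(string: "http://malicious.example.com/ping") {
            URLSession.shared.dataTask(with: url) { _, _, error in
                if let error = error {
                    print("Ping failed: \(error.localizedDescription)")
                } else {
                    print("Pinged suspicious URL")
                }
            }.resume()
        }

        // Creepy log
        print("[SIMULATED MALWARE] Watching user...")
    }
}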
  4. Run it on the simulator or a test device

Detection practice

  • Use the macOS Console app to review logs

  • Run Frida scripts to inspect app memory or intercept function calls

  • Use class-dump to reverse the app and examine exported methods

  • Observe suspicious permissions in Xcode project settings

  • Use tools like iRET or MobSF (macOS version) for static inspection
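
A first-pass static triage for this drill, added here as an example and not part of the original page: it checks an Info.plist for privacy usage-description keys and an App Transport Security override, then scans Swift source for the indicators the sample plants. The Info.plist content is constructed for illustration (the page does not show one), and the rule names are hypothetical.

```python
import plistlib
import re

# Constructed Info.plist for the drill app (the page does not show one).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleName</key><string>FakeiOSMalware</string>
  <key>NSCameraUsageDescription</key><string>Needed for photos</string>
  <key>NSLocationWhenInUseUsageDescription</key><string>Needed for maps</string>
  <key>NSAppTransportSecurity</key>
  <dict><key>NSAllowsArbitraryLoads</key><true/></dict>
</dict></plist>"""

# Excerpt of the ViewController.swift shown on this page.
SAMPLE_SWIFT = '''\
let dir = FileManager.default.temporaryDirectory
let fileURL = dir.appendingPathComponent("leaked.txt")
if let url = URL(string: "http://malicious.example.com/ping") {
print("[SIMULATED MALWARE] Watching user...")
'''

# Hypothetical rule names; each regex matches one indicator from the sample.
SOURCE_RULES = [
    ("cleartext-url", re.compile(r'"http://[^"\s]+"')),
    ("temp-dir-write", re.compile(r"\btemporaryDirectory\b")),
    ("drill-log-marker", re.compile(r"\[SIMULATED MALWARE\]")),
]

def scan_plist(raw: bytes) -> list[str]:
    """Flag privacy permission prompts and a global ATS override."""
    info = plistlib.loads(raw)
    findings = [f"permission:{key}" for key in sorted(info)
                if key.startswith("NS") and key.endswith("UsageDescription")]
    ats = info.get("NSAppTransportSecurity", {})
    if ats.get("NSAllowsArbitraryLoads") is True:
        findings.append("ats:arbitrary-loads-allowed")
    return findings

def scan_source(text: str) -> list[tuple[int, str]]:
    """Return (line number, rule name) for every rule hit in the source."""
    return [(lineno, name)
            for lineno, line in enumerate(text.splitlines(), start=1)
            for name, pattern in SOURCE_RULES if pattern.search(line)]

if __name__ == "__main__":
    for finding in scan_plist(SAMPLE_PLIST):
        print("Info.plist:", finding)
    for lineno, name in scan_source(SAMPLE_SWIFT):
        print(f"ViewController.swift:{lineno}: {name}")
```
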

Do not forget to remove it. It is harmless, but still …


Last update: 2025-06-11 07:09