
New iOS malware works on non-jailbroken devices, steals contacts, messages, pictures, location, and more

Posted by Paul.K

Computer security company Trend Micro reports that it has discovered a malicious iOS app that can target both jailbroken and non-jailbroken devices. Much like the "Masque Attack" we heard about a couple of months ago, this little rascal needs the user to click an external link (delivered via text, email, or web), which then installs the malware onto the user's device. The app is signed with an iOS Developer Enterprise Program certificate, a resource for developing in-house corporate apps for business use. Such apps are, naturally, not meant to be distributed via the App Store, which is why there is a method for installing them externally.

The spyware is called Xagent, and it was developed as part of a malware distribution effort that Trend Micro calls Operation Pawn Storm. The name comes from its strategy: infect as many devices of non-high-profile users as possible, in the hope that the malware will eventually be pushed on to the system of a high-profile target (military, government, media, etc.).

Once it gets onto an iOS 7 system, it runs permanently: even stopping the process just causes it to restart. On iOS 8, the app has a visible icon and its process can't restart itself, which means it has trouble overcoming Apple's latest security (good news, since the iOS 8 adoption rate is currently at 72%).

Data theft is the name of the game for Xagent: it attempts to collect the user's text messages, contact lists, photos, and locations, record voice, get a list of other apps and processes running on the handset, and keep an eye on Wi-Fi status.

Now, we'd like to remind you that if you happen to get phished into clicking a malicious link, you still have a way out: iOS will issue not one, but two warnings before it installs anything that doesn't come from the App Store. Obviously, the malware relies on the fact that some users will just click "OK" on any prompt that pops up, so keep an eye on the screen when visiting questionable links, and inform any zealous clickers that they need to take a breather and at least read the first three words of a prompt.


source: Trend Micro via MacWorld

28 Comments

posted on 05 Feb 2015, 03:11

1. AndroidLollipop (unregistered)


I don't trust the developer John Q :P

posted on 05 Feb 2015, 03:32 1

5. vincelongman (Posts: 4576; Member since: 10 Feb 2013)


Yea, don't trust anyone from Trend Micro, Norton, AVG, Kaspersky, Bitdefender,...

They just scaremonger to try to increase their sales

posted on 05 Feb 2015, 07:57

17. -box- (Posts: 3991; Member since: 04 Jan 2012)


...and what are they selling here? Did you pay them to read the article, or learn about this infection and how to avoid it?

posted on 05 Feb 2015, 12:13 1

25. strudelz100 (Posts: 644; Member since: 20 Aug 2014)


Anti-virus peddlers are trying to scare people on completely safe platforms to pay to install their spyware suite voluntarily.

A developer app can be made by anyone and anything can be done with it. It just won't make it into the App Store.

posted on 05 Feb 2015, 03:18 1

2. ruwie (Posts: 103; Member since: 25 Sep 2014)


When malware has entered your device, whatever platform it is, it is the User's Fault. NOT THE OS. Every program can be countered with another program.

posted on 05 Feb 2015, 03:36 1

6. vincelongman (Posts: 4576; Member since: 10 Feb 2013)


Yep, anyone with common sense should click "don't trust" for screenshot 2.
Malware/viruses are a very minor problem IMO.
I've never had any on my old jailbroken iPhone, my current rooted Nexus or on Windows.

posted on 05 Feb 2015, 04:08

11. tacarat (Posts: 786; Member since: 22 Apr 2013)


You root/jailbreak. Your wetware is up to date for preventing this type of hack. I think we can agree anybody on this type of website probably is.

posted on 05 Feb 2015, 03:21

3. tacarat (Posts: 786; Member since: 22 Apr 2013)


I think this and a malicious hotspot could do some serious damage to people who are used to just clicking things to make them go away. If they changed some of those names to something more reassuring, like "wholefoodswifi", then there'll be trouble.

posted on 05 Feb 2015, 03:23 16

4. joey_sfb (Posts: 6014; Member since: 29 Mar 2012)


Oh! Where are FlyingDutchMan, Mxy and gang that jump on every Android malware PA posting?

posted on 05 Feb 2015, 03:56 10

9. lyndon420 (Posts: 4560; Member since: 11 Jul 2012)


They probably ditched their 'baiting' profiles for the ones above when they want to talk common sense.

posted on 05 Feb 2015, 04:09

12. tacarat (Posts: 786; Member since: 22 Apr 2013)


Now now. It's still early for some places. It's midnight here ;)

posted on 05 Feb 2015, 04:46

13. FlyingDutch (banned) (Posts: 97; Member since: 30 Jan 2015)


LOL

Do you even know what the Developer Enterprise Program is?

It's a special type of license that is approved for companies with 250+ employees.

That being said, whatever damage is possibly done, that company is in deep trouble, and has to take full responsibility for the possible leak of the certificate.

What about the recent incident with CrapDroid? Every noob can write malware of their own, spread it through *PlayStore*, and no one ever takes any kind of responsibility.

You brain-deadroids always compare exceptions with rules between iOS and CrapDroid.

posted on 05 Feb 2015, 05:26 4

14. bendgate (unregistered)


You're right jakelee. No one should use an OS like CrapDroid. Why use an unknown OS like Crapdroid when you have great OSes like iOS, Windows phone and the best of them all, Android? By the way, how does CrapDroid look? Can you post a screenshot link, Jake?

posted on 05 Feb 2015, 07:58

19. PapaSmurf (Posts: 10457; Member since: 14 May 2012)


Please tell me that's not JL... Because if it is, well, it's...

posted on 05 Feb 2015, 05:31 4

15. androidwindows (Posts: 193; Member since: 04 Oct 2014)


Your overused "brain-deadroids" and "CrapDroid" make you sound like a dumb twat.

posted on 05 Feb 2015, 14:28

26. mrej201 (Posts: 226; Member since: 04 Feb 2015)


You're just going to deny it... What's the difference between Android malware, spyware, adware and a virus?

posted on 05 Feb 2015, 03:44 9

7. RoboticEngi (Posts: 797; Member since: 03 Dec 2014)


Ohhhhhh, I can't wait to see all the people from yesterday QQ'ing about malware on Android. Let's see your pathetic QQ'ing on malware in iOS......

posted on 05 Feb 2015, 03:53 13

8. lyndon420 (Posts: 4560; Member since: 11 Jul 2012)


Funny how common sense kicks in when the tables are turned.

posted on 05 Feb 2015, 04:06

10. itsdeepak4u2000 (Posts: 3718; Member since: 03 Nov 2012)


Old also works with the new one.

posted on 05 Feb 2015, 06:04

16. NopeNein (Posts: 147; Member since: 04 Feb 2015)


Meh..

posted on 05 Feb 2015, 07:57 5

18. Ashoaib (Posts: 3229; Member since: 15 Nov 2013)


Yesterday some people were saying that iOS is invincible as compared to Android... where is mxyz and others?

posted on 05 Feb 2015, 08:01

20. GeorgeDao123 (Posts: 431; Member since: 20 Aug 2013)


Yesterday, iSheeps laughed at Android fans. Now Android fans laugh at iSheeps back.

posted on 05 Feb 2015, 08:40

21. darkkjedii (Posts: 22064; Member since: 05 Feb 2011)


Mehhh

posted on 05 Feb 2015, 09:14 1

22. Crispin_Gatieza (Posts: 1744; Member since: 23 Jan 2014)


The iCult is committing mass hara-kiri today.

BTW, I happen to own a 6+, I'm just not a zealot. Outside of legacy BlackBerry OS, any mobile platform can get malware. Just use common sense.

posted on 05 Feb 2015, 09:24 2

23. AfterShock (Posts: 3698; Member since: 02 Nov 2012)


More will come without a doubt.

Hey iOS guys, need any more stones to throw or all good?

posted on 05 Feb 2015, 21:03 1

27. TechieXP1969 (Posts: 10680; Member since: 25 Sep 2013)


They are never going to stop because they are ignorant. After all, how ignorant do you have to be to pay an additional $100 for a device where absolutely nothing was added?

When I ride the train to work and see all the iPhone 6 and 6+, I want so bad to just bust out and laugh. NOT that iOS is bad or that the iPhone is bad, what is funny is how most of them just buy out of habit, popularity and everything else other than good judgment.

They deserve what they get. Even if only 1% of devices get infected, all it takes is one user to be working for a very important company or government agency and it's over.

Welcome to the world of Windows with iOS.

posted on 05 Feb 2015, 12:05

24. strudelz100 (Posts: 644; Member since: 20 Aug 2014)


You'd have to be an idiot to get this. No coincidence it was "found" by TrendMicro, peddlers of security spyware.

Also it's a developer app only. Developed by who I wonder? Who'd profit from revealing this? Hmmmmmm...makes you think.

Never made it to the App store and was never vetted by Apple security. You have to install from an outside source over the insecure web which is a bad move regardless of platform.

posted on 05 Feb 2015, 21:04

28. TechieXP1969 (Posts: 10680; Member since: 25 Sep 2013)


Trend Micro never said installing antivirus will stop the issue. Right? So what exactly are you mouthing about?
