
Another iOS-threatening malware replaces apps and steals sensitive information

It seems iOS is having a bad month. Last week there was the WireLurker scare: malware capable of infecting even non-jailbroken devices, which were previously deemed safe. Apple says it's got a handle on that, but, to be fair, WireLurker was only able to infect users who connected their phone to their PC via USB and attempted to sideload apps from a third-party app store.

Today, we hear about something a bit scarier. It's called a "Masque Attack": it installs a malicious app on an iOS device and masks it to look like any other app legitimately installed from the App Store.

From there, attackers have a few options. They can mimic an essential app's login interface and steal a user's sensitive credentials. They can replicate an email app, which still lets the user open and read their inbox while the attackers gain access to those emails, too. They can also use Masque as a way to bypass the app sandbox and get root privileges.

A Masque Attack gets onto a device through an installation from a third-party website: the attacker baits the victim into visiting a website, which opens a pop-up request to install an app. If the user accepts, the malware is in, hidden under whatever app it is supposed to act as. Masque Attack can mimic any legitimate app, on both jailbroken and non-jailbroken devices, as long as it is not one that comes pre-installed with iOS (Safari, Apple's email client, etc.).

So there you go, kids: watch out for suspicious pop-ups and don't install things from third-party websites. Not even iOS is safe nowadays.


24 Comments

1. legiloca

Posts: 1676; Member since: Nov 11, 2014

Well.. s**t.

5. itsdeepak4u2000

Posts: 3718; Member since: Nov 03, 2012

Any OS with no malware attacks is just a failed OS IMO. More popular more attacks, but how they respond to vulnerability is a test.

7. Finalflash

Posts: 4063; Member since: Jul 23, 2013

Well in Apple's case they hide it, call it non-existent, and leave it there until celebrity nudes leak out. Not complaining about the latter, but the former is a very idiotic way to handle it. They also make slides calling the competitor products a toxic hellstew just in case they don't seem hypocritical enough.

17. VHMP01

Posts: 93; Member since: Aug 27, 2014

Apple would also come up with stuff like: "You are Virusing it worng!"

2. android_hitman unregistered

Again? I thought iOS is invulnerable!

6. AlikMalix unregistered

It is invulnerable, but user stupidity is...

8. Finalflash

Posts: 4063; Member since: Jul 23, 2013

Lol, just going to say that is a classic Apple fan response, to blame the victim no matter what the issue is.

12. vincelongman

Posts: 5723; Member since: Feb 10, 2013

By that logic every OS is invulnerable. Though you might be right since I've never had any malware or viruses (and the same for most people I know). Even though I pirate movies/music on Windows, jailbreak my old iPhone and now rooted my Nexus.

3. AlikMalix unregistered

Have you guys seen the video of this "attack"?

Let's recount the steps of a proper app install that anyone who ever used an iOS device does when they install/update an app: 1. Open the App Store app on your device. 2. Go to the Updates tab to view available app updates and perform the update, or, 3. View available apps in the store, choose which one you want, authorize the download by entering your Apple ID password, and possibly the CC security code if purchasing a paid app and you haven't made a purchase in some time. 4. Enjoy your app.

With this attack, we veer to the following method: 1. An unsolicited SMS (not iMessage) message arrives from an unknown third party advising you to click on a shortened hyperlink. 2. The user is taken into Safari, to an unusual site, and prompted to update an app using a non-standard dialog box. 3. The attack then replaces a genuine third-party app (as it doesn't affect built-in iOS apps), and then the attack begins uploading any incoming SMS messages, and the DB of the original app the malware replaced is copied to a CnC server.

I have never, nor know anyone who ever, installed or updated an app through a third-party website... I didn't know it was possible... I still don't think it's possible...

11. Finalflash

Posts: 4063; Member since: Jul 23, 2013

Welcome to 99% of all malware on all mobile platforms. Chances are, you don't know anyone who has been through it. Yet when it is on other platforms and some random person in China gets infected with an even more ridiculous method, all the iFans start circlejerking. It really is the height of hypocrisy to point fingers at everyone else but when it is time for critical self-analysis, all the iFans start victim blaming and victim shaming (as seen by your other comment). The reason Apple doesn't improve as much as others and has 30 different quality issues in the release month of their main product is because their fans never hold them to their standards. So try to help yourself and actually demand your own benefit from the company you have chosen to support.

14. NexusPhan

Posts: 632; Member since: Jul 11, 2013

It's not supposed to be possible at all. That's the real problem. Android was designed for 3rd party app installations so it's able to display a pop-up warning AND Google's servers will scan the app on your phone if the user chooses to ignore the first pop-up. Apple, being designed to not allow 3rd party app installs, has neither of these security measures. Also, if I've been drinking, which I do a lot of, I'll just be clicking whatever to clear it off my screen. And the average user is just clueless. It's not as far fetched as you make it seem.

23. engineer-1701d unregistered

Problem is, I have seen the people that have iOS devices, and they are by far some of the dumbest people on the face of the earth. You could add in 10 apps and they would not know, because they are so busy with taking selfies and falling off bridges, etc.

25. AlikMalix unregistered

How do you explain the bunch of Android users who actually think they own an iPhone? It's the same on all platforms, but that's the beauty of these smartphones - even an absolute non-techie can use a sophisticated device such as the little computer we carry in our pocket.

4. LetsBeHonest

Posts: 1548; Member since: Jun 04, 2013

No OS is malware free. Every OS can be attacked, especially the popular one. Android might be the main attraction of hackers because it holds a big slice of market share, and the same goes for iOS too. Those iFans claiming Android is full of malware and pretending they got the best secured OS is pure ignorance. Same goes for WP, once it hits 10% global market share or higher.

9. bendgate unregistered

Innovative malware.

18. VHMP01

Posts: 93; Member since: Aug 27, 2014

Magical Revolutionary malware!

10. tigermcm

Posts: 861; Member since: Sep 02, 2009

oh nooooo say it aint so

13. darkkjedii

Posts: 31291; Member since: Feb 05, 2011

Avoid accepting popups, and only use the official App Store, there you have it. Basically, it's gonna be the users who shoot themselves in the foot. Cyber criminals are a very intelligent lot, all jokes aside, protect yourself folks. We do a lot on these devices.

24. engineer-1701d unregistered

It's been proven that even in the store malware gets past. They did a test and passed a malware app in the App Store; it got approved and put on the store, and before anyone could download it the devs took it down and told Apple about it, that they needed to up the security. I watched the show on CNN like a year ago.

16. AfterShock

Posts: 4147; Member since: Nov 02, 2012

You'd think there'd be an OS scanner like others have to warn and remove crappy stuff like this. Oh, premium allows for dodgy bits.

19. PhoneCritic

Posts: 1354; Member since: Oct 05, 2011

This is where Apple's hypocrisy shows. Phil gets on stage and shows slides of how WP and, of course, Android suffer from mass malware and iOS is free of it, instead of just saying we have defenses for this. Plenty of Apple supporters buy this argument and when asked about competing platforms say "oh no, too much virus and malware on those platforms". These are the same people who would click on these links that would install malware on their device.

The issue here is that NO OS is safe unless it is completely isolated, meaning no connection to anything at all. Android, iOS, WP, Blackberry etc. can all be exploited. So, let's stop pretending that our $800 to $1000 devices, because of their price point, are too premium and above being hacked. As far as security is concerned - remember they all connect to the internet.

Even better, think of this: they were all manufactured in China (where secret back doors were placed in the firmware for the Chinese government to exploit), imported to American shores (where the CIA and NSA also placed their own back door exploits) to find their way to you and I. I know this all seems like a conspiracy theory, but logically, do you really think that these sophisticated devices that use government satellites for GPS tracking, IP addresses and burned-in MAC addresses on the carriers' networks are not exploited by foreign/domestic governments alike? In a sense we are all under surveillance by our governments, Google, Apple, Microsoft, Facebook, Twitter etc. Like it or not, that is tech and the world. If you want out and never have your personal info spied on, then disconnect from the matrix.

20. Taters

Posts: 6474; Member since: Jan 28, 2013

The Apple PR department is slipping. They are usually pretty good at covering this stuff up so the public never hears about it. Oh Apple, the masters of illusion. Covering up all their negatives while highlighting the negatives of Android. Once their illusion crumbles though, bye bye Apple. I can't wait until that day.

21. meanestgenius

Posts: 22222; Member since: May 28, 2014

So where are all of the iFans that think their beloved OS is unassailable? I've said it before, and I will say it again: Apple has had, up to now, an amazing reality distortion field in effect. That field is now crumbling and all of the vulnerabilities of Apple's OS cannot be written off. iFans will always say that others are "using it wrong" and blame anyone or anything other than their beloved OS for its faults.

22. xondk

Posts: 1904; Member since: Mar 25, 2014

Most viruses on mobile are like this (and quite a few computer viruses are similar). Doesn't Apple give more prompt information though on install, like permissions and such needed? If not, that seems rather odd, and something they should fix; most malicious apps become glaringly obvious when, say, a game or such needs access to SMS and such stuff. Of course those that click and click to get it 'over' with, to get the stuff the malware site claims they are giving, are always going to get malware. And sadly still a lot of people just 'want' a game, or whatever, and will just randomly click till they get it. Fixed soooo many computers because of this... and steadily more phones are coming around.
