Another iOS-threatening malware replaces apps and steals sensitive information
Today, we hear about something a bit scarier. It's called a "Masque Attack" and what it does is, it installs a malicious app on one's iOS device and masks it to look like any other app, legitimately installed from the App Store.
From there, attackers have a few options – they can mimic an essential app's login interface and steal a users' sensitive credentials; they can also replicate an email app, which will still allow the user to enter and read his inbox – the attackers will gain access to those emails, too; they can also use Masque as a way to bypass the app sandbox and get root privileges.
The way a Masque Attack slips into one's system is via an installation from a 3rd party website – the attacker will attempt to bait the victim into visiting a website, which will open a pop-up request to install an app. If the user accepts – the malware is in, hidden under whatever app it's supposed to act as. Masque Attack can mimic any legitimate app, on both jailbroken and non-jailbroken devices, as long as it's not iOS pre-installed (Safari, Apple's email client, etc.).
So there you go kids – watch out for suspicious popups, and don't install things from 3rd party websites, not even iOS is safe nowadays.