Equal opportunity malware hits both iOS and Android

Equal opportunity malware hits both iOS and Android
A new malware strain has been making the rounds, and this variant is a bit unusual in that it can affect both jailbroken iOS devices and devices powered by Android. While this is unusual, it is not totally unheard of. The malware, named Xsser, can do some damage. It can steal your SMS messages, photos, call logs and passwords.

If your Apple iPhone is jailbroken, you can try your best to avoid Xsser by limiting the software you install on your phone, to those produced by trusted sources. If you get a source warning, run far away from it. Returning your device to stock will obviously end the danger as long as you're not already infected. Android users should stick to the Play Store for their apps and content. Make sure that your phone is not set to "allow installation of apps from unknown sources".

It is scary to see how phone users can be manipulated. A phishing message that was made to look like it came from WhatsApp, was sent to pro democracy protesters in Hong Kong. The message read, "Check out this Android app designed by Code4HK, group of activist coders, for the coordination of Occupy Central!" Obviously an attempt to entice protesters, once the link is clicked, the phone becomes infected.

Normally, you can't get iOS and Android users to agree on what the day of the week is. But malware infection is something that iOS and Android users can actually agree on. Both groups don't want to have personal information stolen by hackers. Stay away from unknown sources, use common sense and the odds that you will avoid Xsser will improve.

source: Lacoon



1. tp2386

Posts: 4; Member since: Aug 22, 2014

BB10 for the win.

3. PapaSmurf

Posts: 10457; Member since: May 14, 2012

Only thing that draws me to BB. Their security is bar none the best against any other mobile OS.

25. pookiewood

Posts: 631; Member since: Mar 05, 2012

WP. ;)

29. fzacek

Posts: 2486; Member since: Jan 26, 2014

BlackBerry is only so secure because its user base is so small and hackers can't be bothered to target it...

31. Settings

Posts: 2943; Member since: Jul 02, 2014

WP got no malware, yay! Coz no one cares for WP, yay! We rejoice yay!

36. azfar

Posts: 23; Member since: Jul 22, 2013

my Nokia 3310 win :D

2. PapaSmurf

Posts: 10457; Member since: May 14, 2012

Before everyone rages in the comment section: 1) iPhone/iPad needs to be jailbroken, and that's the user's decision to do so 2) Android device MUST allow unknown sources, and that's also the user's decision to do so With that being said, I call at least five people totally ignoring this and starting a flame war.

5. UglyFrank

Posts: 2194; Member since: Jan 23, 2014

Bring on the fire

7. ManusImperceptus

Posts: 724; Member since: Jun 10, 2014

Strictly not true for Android, as I read it; as long as you chose to click on the offending link, it doesn't matter what security setting you've chosen...

8. PapaSmurf

Posts: 10457; Member since: May 14, 2012

Applications are blocked from installing if the settings option isn't turned on so no.

9. wilsong17 unregistered

Yeah on the note 3 it will allow you to install if you accept but just once... the other day I install a hack game and had a even Chinese app which I had to reset my rom

28. vincelongman

Posts: 5723; Member since: Feb 10, 2013

Still your fault for willingly installing the hack

24. ManusImperceptus

Posts: 724; Member since: Jun 10, 2014

Even if the link is basically a disguised acceptance to install...?

27. vincelongman

Posts: 5723; Member since: Feb 10, 2013

Yes, the user still needs to accept the install Still user's fault for being tricked into accepting the install

10. tedkord

Posts: 17410; Member since: Jun 17, 2009

I've got the gasoline, anyone got a lighter?

4. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

Based on the targets (HK protestors), my Magic 8-Ball says PRC state hackers are behind the malware.

6. jroc74

Posts: 6023; Member since: Dec 30, 2010

"Equal opportunity malware" That was funny..lol.

11. AlikMalix unregistered

So if my iPhone isn't jailbroken - it wouldn't happen no matter what I click on or install... But on android (unmodified or modified) any uninformed user can accidentally click on a link and voila - how is this "equal opportunity"?

12. wilsong17 unregistered

Just must have unknown source install.. or have a brain

14. jroc74

Posts: 6023; Member since: Dec 30, 2010


19. VZWuser76

Posts: 4974; Member since: Mar 04, 2010

The only way it'll work on android is if you sideload the app. Default setting on android phones doesn't allow apps to be side loaded. Thanks for playing though.

20. tedkord

Posts: 17410; Member since: Jun 17, 2009

The uninformed user would first have to go into settings and choose to allow install from unknown sources, because it's unchecked by default.

21. shuaibhere

Posts: 1986; Member since: Jul 07, 2012

You have never used android..it shows...

30. fzacek

Posts: 2486; Member since: Jan 26, 2014

No, you would have to modify Android to allow the installation of unknown sources...

32. AlikMalix unregistered

What exactly is done to allow this? What settings would u need to change to allow an installation of this type of thing?

33. VZWuser76

Posts: 4974; Member since: Mar 04, 2010

See post 20. On my phone it's under "Settings>Security & Screen Lock>Unknown Sources-Allow installation of apps from unknown sources" with a check box next to it to allow or disallow it. Checking the box to allow installation from unknown sources is what side loading an app is. It allows you to install an apk file (app) directly and without going through the Playstore. It should only be used if you're certain the app is safe

13. AlikMalix unregistered

Ok, thanks, I'll have to ask myfriends if any stray away from Google play for apps or etc on a regular basis. But for my curiosity about android - is Google play not sufficient for android apps and mods that someone would go somewhere else for that? What would be the reason someone would download and app or keyboard or w/e from other sources other than google play?

15. Sharky

Posts: 259; Member since: Jun 24, 2008

To avoid paying for apps I'd imagine.

16. jroc74

Posts: 6023; Member since: Dec 30, 2010

Uh no Sharky....thats not the only reason....Like torrents isnt only for pirating...Linux and Open Source benefit alot from torrents. Some app developers have apps at their site or at XDA forums. Some, many go thru beta versions and need, want testers. Sometimes an older app worked best for whatever reason and isnt available on the Play Store. Some apps need to be modified ...like trying to get Flash to work on some Android OS versions.

17. DnB925Art

Posts: 1168; Member since: May 23, 2013

Also to add, some apps may be legally free on other app stores. For example, Amazon many times lists apps as free (free app of the day) or on special price. I just downloaded the Merriam Webster dictionary for free from Amazon as they were giving it away for free for a limited time (it was a $50 app I believe!). Plus some devs on XDA will allow you to get their apps directly from them for free while they charge the general public on the Play Store. Another example is beta versions are available directly from the developer, such as 1Password. As a 1Password for Android beta tester, I get the latest versions direct from their website while they charge the public for the final versions on the Play Store. But other than these cases, I avoid apps from other sources and will gladly pay the few bucks to get them from known good sources like Amazon or Google Play (or direct from the actual developer/publisher).

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.