x PhoneArena is hiring! Reviewer in the USA

New iOS malware works on non-jailbroken devices, steals contacts, messages, pictures, location, and more

Posted: , posted by Paul.K

Tags :

New iOS malware works on non-jailbroken devices, steals contacts, messages, pictures, location, and more
Computer security company Trend Micro reports that it has discovered a malicious iOS app that can target both jailbroken and non-jailbroken devices. Much like the "Masque Attack" we heard about a couple of months ago, this little rascal needs the user to click an external link (delivered via text / email / web), which would then install the malware onto the used device. The app is signed with the iOS Developer Enterprise Program certificate – a resource for developing specific in-house corporate apps for business, which should, naturally, not be distributed via the App Store – this is why there is a method for them to be installed externally.

The spyware is called Xagent, and is developed as part of a malware distribution effort, which Trend Micro calls Operation Pawn Storm, due to its strategy – an attempt to infect as many devices of non high-profile users, hoping that it would eventually push the malware on to a high-profile (military, government, media, etc.) target's system.

Once it gets itself on an iOS 7 system, it will run permanently – even stopping the process will cause it to restart, while on iOS 8 – the app has a visible icon, and its process can't restart itself, which means that it has trouble overcoming Apple's latest security (good news, since iOS 8 adoption rate is currently at 72%).

Data theft is the name of the game for Xagent, as it attempts to collect the user's text messages, contact lists, photos, locations, record voice, get a list of other apps and processes running on the handset, and keep an eye on Wi-Fi status.

Now, we'd like to remind you that if you happen to get phished into clicking a malicious link, you still have a way out, as iOS will issue not one, but two warnings before it installs anything that doesn't come from the App Store. Obviously, the malware relies on the fact that some users will just click "OK" on any prompt that pops up, so just keep an eye on the screen when visiting questionable links, and inform any zealous clickers that they need to take a breather and at least read the first three words of a prompt sentence.


source: Trend Micro via MacWorld

26 Comments
  • Options
    Close





Want to comment? Please login or register.

Latest stories