New iOS malware works on non-jailbroken devices, steals contacts, messages, pictures, location, and more

New iOS malware works on non-jailbroken devices, steals contacts, messages, pictures, location, and more
Computer security company Trend Micro reports that it has discovered a malicious iOS app that can target both jailbroken and non-jailbroken devices. Much like the "Masque Attack" we heard about a couple of months ago, this little rascal needs the user to click an external link (delivered via text / email / web), which would then install the malware onto the used device. The app is signed with the iOS Developer Enterprise Program certificate – a resource for developing specific in-house corporate apps for business, which should, naturally, not be distributed via the App Store – this is why there is a method for them to be installed externally.

The spyware is called Xagent, and is developed as part of a malware distribution effort, which Trend Micro calls Operation Pawn Storm, due to its strategy – an attempt to infect as many devices of non high-profile users, hoping that it would eventually push the malware on to a high-profile (military, government, media, etc.) target's system.

Once it gets itself on an iOS 7 system, it will run permanently – even stopping the process will cause it to restart, while on iOS 8 – the app has a visible icon, and its process can't restart itself, which means that it has trouble overcoming Apple's latest security (good news, since iOS 8 adoption rate is currently at 72%).

Data theft is the name of the game for Xagent, as it attempts to collect the user's text messages, contact lists, photos, locations, record voice, get a list of other apps and processes running on the handset, and keep an eye on Wi-Fi status.

Now, we'd like to remind you that if you happen to get phished into clicking a malicious link, you still have a way out, as iOS will issue not one, but two warnings before it installs anything that doesn't come from the App Store. Obviously, the malware relies on the fact that some users will just click "OK" on any prompt that pops up, so just keep an eye on the screen when visiting questionable links, and inform any zealous clickers that they need to take a breather and at least read the first three words of a prompt sentence.


source: Trend Micro via MacWorld

FEATURED VIDEO

26 Comments

1. AndroidLollipop unregistered

I don't trust the developer John Q :P

5. vincelongman

Posts: 5654; Member since: Feb 10, 2013

Yea, dont trust anyone from Trend Micro, Norton, AVG, Kaspersky, Bitdefender,... They just scaremonger to try increase their sales

17. -box-

Posts: 3991; Member since: Jan 04, 2012

...and what are they selling here? Did you pay them to read the article, or learn about this infection and how to avoid it?

25. strudelz100

Posts: 646; Member since: Aug 20, 2014

Anti-virus peddlers are trying to scare people on completely safe platforms to pay to install their spyware suite voluntarily. Developer app can be made by anyone and anything can be done with it. It just won't make it into the App store.

2. ruwie

Posts: 103; Member since: Sep 25, 2014

When the malware entered in your device. Whatever platform it is, it is the User's Fault. NOT THE OS. every program can be counter with another program.

6. vincelongman

Posts: 5654; Member since: Feb 10, 2013

Yep, anyone with common sense should click dont trust for screenshot 2 Malware/Virus are a very minor problem IMO I've never had any on my old jailbroken iPhone, my current rooted Nexus or on Window

11. tacarat

Posts: 854; Member since: Apr 22, 2013

You root/jailbreak. Your wetware is up to date for preventing this type of hack. I think we can agree anybody on this type of website probably is.

3. tacarat

Posts: 854; Member since: Apr 22, 2013

I think this and a malicious hotspot could do some serious damage to people who are used to just clicking things to make them go away. If they changed some of those names to something more reassuring, like "wholefoodswifi", then there'll be trouble.

4. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

Oh! Where are FlyingDutchMan, Mxy and gang that jump on every Android malware PA posting?

12. tacarat

Posts: 854; Member since: Apr 22, 2013

Now now. It's still early for some places. It's midnight here ;)

13. FlyingDutch

Posts: 97; Member since: Jan 30, 2015

LOL Do you even know what's the Developer Enterprise Program? It's a special type of license that is approved to companies with 250+ employees. That being said, whatever damage is possibly done, that company is in deep trouble, and has to take full responsibility for the possible leak of the certificate. What about recent incident with CrapDroid? Every noob can write malwares of their own, spread them through *PlayStore*, and no one ever takes any kind of responsibility. You brain-deadroids always compare exceptions with rules between iOS and CrapDroid.

14. bendgate unregistered

You're right jakelee. No one should use an OS like CrapDroid. Why use an unknown OS like Crapdroid when you have great OSes like iOS, Windows phone and the best of them all, Android? By the way, how does CrapDroid look? Can you post a screenshot link, Jake?

19. PapaSmurf

Posts: 10457; Member since: May 14, 2012

Please tell me that's not JL... Because of it is well it's...

15. androidwindows

Posts: 216; Member since: Oct 04, 2014

Your overused "brain-deadroids" and "CrapDroid" make yourself sound like a dumb twat.

26. mrej201

Posts: 226; Member since: Feb 04, 2015

You just going to deny it..Whats the difference between Android malware, spyware, adware and a virus?

7. RoboticEngi

Posts: 1251; Member since: Dec 03, 2014

Ohhhhhh i cant wait to see all the people from yesterday, QQ'ing about malware on android. Lets see your pathetic QQ'ing on malware in iOS......

10. itsdeepak4u2000

Posts: 3718; Member since: Nov 03, 2012

Old also works with the new one.

16. NopeNein

Posts: 147; Member since: Feb 04, 2015

Meh..

18. Ashoaib

Posts: 3271; Member since: Nov 15, 2013

Yesterday some people were saying that ios is invincible as compared to android... where is mxyz and others?

20. GeorgeDao123

Posts: 431; Member since: Aug 20, 2013

Yesterday, iSheeps laughed at Android fans. Now Android fans laugh at iSheeps back.

21. darkkjedii

Posts: 30904; Member since: Feb 05, 2011

Mehhh

22. Crispin_Gatieza

Posts: 3112; Member since: Jan 23, 2014

The iCult is committing mass Hari-Kiri today. BTW, I happen to own a 6+, I'm just not a zealot. Outside of legacy BlackBerry OS, any mobile platform can get malware. Just use common sense.

23. AfterShock

Posts: 4146; Member since: Nov 02, 2012

More will come with out a doubt. Hey iOS guys, need any more stones to throw or all good?

27. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

They are never going to stop because they are ignorant. After all how ignorant do you have to be to pay an additional $100 for a device where absolutely nothing was added? When I ride the train to work and see all the iPhone 6 and 6+, I want so bad to just bust out and laugh. NOT that bios is bad or that the iPhone is bad, what is funny is how most of them just buy out of habit, popularity and everything else other than good judgment. They deserve what they get. Even if only 1% of device get I fected, all it takes is one user to be working for a very important company or government agency and it's over. Welcome to the world of Windows with iOS.q

24. strudelz100

Posts: 646; Member since: Aug 20, 2014

You'd have to be an idiot to get this. No coincidence it was "found" by TrendMicro, peddlers of security spyware. Also its a developer app only. Developed by who I wonder? Who'd profit from revealing this? Hmmmmmm...makes you think. Never made it to the App store and was never vetted by Apple security. You have to install from an outside source over the insecure web which is a bad move regardless of platform.

28. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

TrandMicrp never said installing Mativirus will stop the issue. Right? So what exactly are you mouthing about?

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.