iPhones Targeted With Data Stealing Malware

ZDNet reports of a new mobile malware campaign that is “gaining access to iPhones by tricking users to download an open-source mobile device management (MDM) software package.”

Once in control, the unidentified hackers can steal various forms of sensitive information from infected devices, including the phone number, serial number, location, contact details, user’s photos, SMS, and Telegram and WhatsApp chat messages. Thirteen users — all in India — have been compromised in the attacks, which have been detailed by Cisco Talos. Those infected use a range of iPhone models and are running iOS versions ranging from 10.2.1 to 11.2.6. The campaign has been active since August 2015. The attackers take control by using the MDM package, which gives them complete control of the device and the ability to install fake versions of real apps.

Two different MDM services are used in the campaign, enabling system-level control of multiple devices from one location and the ability to install, remove and exfiltrate data from apps. One method of stealing data comes via malicious versions of messaging services like Telegram and WhatsApp being pushed onto the compromised device via fake updates. The apps look legitimate to the user, but malicious code sends information — including messages, photos and contacts — to a central command and control server. Deploying these apps requires a side-loading injection technique, which allows for the ability to ask for additional permissions, execute code and steal information from the original application.

The article refers to a multistep process to trick users into adding certificates as trusted. Once your phone trusts a certificate, developer apps can be loaded directly onto the phone. In short, the attackers are side-loading an app without having to get past the App Store’s restrictions. This illustrates why you should never do things like install apps or profiles from unknown sources or jailbreak an iPhone. Sure, you don’t get all the cool apps and tweaks that Android users get, but at least you are safe.
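The trust step described above comes down to the user accepting a configuration profile that enrols the phone in an MDM server and installs a certificate. As an added example (not code from the article or from Cisco Talos), here is a small Python triage script that parses an unsigned .mobileconfig plist and flags the two payload types a defender should be suspicious of before approving a profile: an MDM payload pointing at a server that is not on the organisation's approved list, and a root certificate install. The payload type strings `com.apple.mdm` and `com.apple.security.root` and the keys `ServerURL`, `CheckInURL` and `AccessRights` are taken from Apple's configuration profile format; the sample profile and the hostnames are constructed for the example.

```python
"""Triage an Apple configuration profile (.mobileconfig) before trusting it.

Assumes an unsigned (or already-unwrapped) XML plist. Payload type names and
keys follow Apple's Configuration Profile Reference; the sample below is
constructed for this example and is not the campaign's profile.
"""
import plistlib
from urllib.parse import urlparse

# Constructed sample: a profile that enrols the device in an MDM server and
# installs a root certificate. Hostnames use the reserved .invalid TLD.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>placeholder.profile</string>
  <key>PayloadDisplayName</key><string>Device Update</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>PayloadIdentifier</key><string>placeholder.mdm</string>
      <key>ServerURL</key><string>https://mdm.example.invalid/mdm</string>
      <key>CheckInURL</key><string>https://mdm.example.invalid/checkin</string>
      <key>AccessRights</key><integer>8191</integer>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.security.root</string>
      <key>PayloadIdentifier</key><string>placeholder.rootca</string>
      <key>PayloadContent</key><data>AAEC</data>
    </dict>
  </array>
</dict>
</plist>
"""


def triage_profile(profile_bytes, approved_mdm_hosts):
    """Return a list of findings (strings) for one configuration profile.

    approved_mdm_hosts: set of hostnames of MDM servers the organisation
    actually operates. Any MDM enrolment elsewhere is reported.
    """
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        ident = payload.get("PayloadIdentifier", "?")
        if ptype == "com.apple.mdm":
            # Both the enrolment and check-in endpoints must be ours.
            for key in ("ServerURL", "CheckInURL"):
                host = urlparse(payload.get(key, "")).hostname or "<missing>"
                if host not in approved_mdm_hosts:
                    findings.append(
                        f"MDM enrolment to unapproved server: {key}={host} ({ident})"
                    )
            # AccessRights is a bitmask of what the server may do to the device;
            # surface it so the reviewer compares it against policy.
            findings.append(
                f"MDM payload requests AccessRights={payload.get('AccessRights')} ({ident})"
            )
        elif ptype == "com.apple.security.root":
            # A new root CA lets the installer be trusted for far more than MDM.
            findings.append(f"installs a root certificate ({ident})")
    return findings


if __name__ == "__main__":
    for line in triage_profile(SAMPLE_PROFILE, {"mdm.corp.example"}):
        print("FINDING:", line)
```

Run it against the sample with your own MDM hostnames in `approved_mdm_hosts`; a profile that enrols in a server you do not operate, or that installs a root certificate you did not issue, is the pattern the article describes and should not be installed. Signed profiles are CMS-wrapped, so unwrap them first; the script deliberately rejects anything that is not a plain plist rather than guessing.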

The other thing that I note is that older versions of iOS are mentioned. That implies that if you have an up-to-date version of iOS, this malware may not work as well, if at all. That reinforces the fact that you should always update your device to the latest OS to keep yourself safe.
