New iOS malware can steal personal information from non-jailbroken devices
Yesterday, I told you that Android users may be affected by malware even if they only use Google Play to get apps. Three popular, adware-riddled titles made it past Google's security checks and remained undetected for months -- in fact, they may still be affecting users as we speak. And if you believe that iOS is safe, you might want to reconsider. New malware has been found that affects iOS users even if they haven't jailbroken their device. Is there nothing that's safe anymore?
Security firm Trend Micro has uncovered the malware as part of an investigation into Operation Pawn Storm, a cyber-espionage operation with economic and political targets. It is designed to steal personal information, like contact lists, geo-location data, photos, text messages and more. The malware affects both iOS 7 and iOS 8, which are found on 97 percent of Apple's mobile devices.
Trend Micro uncovered two malicious apps in its research, one called XAgent, and the other bearing the name of iOS game MadCap. The malware is said to be "very similar to next stage SEDNIT malware", which has been found on Windows devices.
In addition to the data theft mentioned above, XAgent can record audio and retrieve a list of installed apps and processes, as well as the Wi-Fi status. It works on non-jailbroken devices. MadCap, on the other hand, does not: it requires a jailbroken device. The latter is focused on audio recording.
XAgent is believed to have been developed prior to the release of iOS 8, as it is more effective on devices running iOS 7. "After being installed on iOS 7, the app's icon is hidden and it runs in the background immediately. When we try to terminate it by killing the process, it will restart almost immediately. Installing the malware into an iOS 8 device yields different results. The icon is not hidden and it also cannot restart automatically", says Trend Micro.
How can you stay safe? Well, there appears to be no clear answer at the moment. Trend Micro says that it does not know with absolute certainty all the ways in which the malware is installed. It does not rule out infection over USB from a compromised Windows device.
The security firm does mention that it is possible to get the malware onto an iOS device by tricking users into tapping on a "Tap Here to Install the Application" link inside a web page. Apple's ad-hoc provisioning -- a distribution method designed to allow iOS developers to beta-test their apps -- is then used.