New iOS spyware targets non-jailbroken devices but requires user intervention to install
A malware campaign known in the security industry as "Operation Pawn Storm" has begun to target Apple's iOS devices with a new malicious application that can steal photos, text messages, contacts, and other data from non-jailbroken iPhones, but which cannot be installed without users' consent.

A phishing page used to spread XAgent malware. Source: Trend Micro
Dubbed XAgent by security firm Trend Micro, the new spyware has been observed using Apple's ad-hoc provisioning system as an infection vector. This functionality is intended for enterprises and developers who wish to distribute apps to a small group of individuals and allows users to bypass the App Store.
This is a cumbersome process which presents multiple notifications to the user that an app will be installed. As a result, Operation Pawn Storm is thought to target specific individuals by infecting those around them in the hope that installation instructions received from their circle of friends or colleagues will be more readily followed.
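Apps distributed outside the App Store carry the provisioning profile that allowed the install, so a defender triaging a suspect IPA can read that profile to see which channel (ad-hoc, enterprise, development) was used. The following Python is an added example, not code from the article or from Trend Micro; it relies on the standard profile keys (ProvisionsAllDevices, ProvisionedDevices, get-task-allow) and the sample blob is constructed, with stand-in bytes where the real CMS wrapper would be.

```python
import plistlib
import re
from datetime import datetime, timezone

# A .mobileprovision file is a CMS (PKCS#7) signed blob whose payload is an XML
# plist. This locates the plist by its markers and does NOT verify the signature,
# so the result reports what the profile claims, not that Apple signed it.
PLIST_RE = re.compile(rb"<\?xml.*?</plist>", re.DOTALL)

def extract_profile(blob: bytes) -> dict:
    """Return the plist embedded in a provisioning-profile blob as a dict."""
    m = PLIST_RE.search(blob)
    if not m:
        raise ValueError("no plist payload found in provisioning profile")
    return plistlib.loads(m.group(0))

def classify_profile(profile: dict, now: datetime = None) -> dict:
    """Work out how an app carrying this profile could have been installed."""
    now = now or datetime.now(timezone.utc)
    ent = profile.get("Entitlements", {})
    if profile.get("ProvisionsAllDevices"):
        channel = "enterprise"      # in-house profile: installs on any device
    elif "ProvisionedDevices" in profile:
        # ad-hoc and development profiles both carry a UDID list; only the
        # development one lets a debugger attach (get-task-allow)
        channel = "development" if ent.get("get-task-allow") else "ad-hoc"
    else:
        channel = "app-store"       # no device list and no enterprise flag
    exp = profile.get("ExpirationDate")
    if exp is not None and exp.tzinfo is None:
        exp = exp.replace(tzinfo=timezone.utc)   # plistlib yields naive UTC
    return {
        "channel": channel,
        "device_count": len(profile.get("ProvisionedDevices", [])),
        "expired": bool(exp and exp < now),
        "sideloaded": channel != "app-store",
    }

def triage_blob(blob: bytes, now: datetime = None) -> dict:
    return classify_profile(extract_profile(blob), now)

# Constructed sample (not a real profile): an ad-hoc profile as it would sit in
# an IPA's embedded.mobileprovision, padded with stand-in bytes for the CMS wrapper.
SAMPLE_ADHOC = b"\x30\x82\x10\x00cms-header-stand-in" + plistlib.dumps({
    "Name": "Example Ad Hoc",
    "ExpirationDate": datetime(2015, 6, 1),
    "ProvisionedDevices": ["00000000-0000000000000001", "00000000-0000000000000002"],
    "Entitlements": {"application-identifier": "ABCDE12345.com.example.app",
                     "get-task-allow": False},
}) + b"\x00cms-signature-stand-in"
```

A `sideloaded` result on a device that should only run App Store software is the signal worth investigating; `device_count` shows how narrowly an ad-hoc profile was targeted.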
"The good thing for users is that this isn't something that can be automatically done," Trend Micro executive Jon Clay told Macworld. "There are steps you have to do as a user to install this."
Once installed on devices running iOS 7, XAgent runs without an app icon and is capable of automatically restarting itself. This is not the case on iOS 8: users would be forced to manually open the app if it closed or the device was restarted, which leads Trend Micro to believe the spyware was designed before iOS 8 was released.
XAgent is designed to collect text messages, contact lists, pictures, geolocation data, information on installed apps and running processes, as well as Wi-Fi status. Additionally, it can be configured to begin recording audio using the device's built-in microphone and transfer those recordings to a command and control server.
As usual, users can mitigate their risk by not clicking on suspicious links, even if they appear to come from a trusted source.
Comments
Step 1. Pick up hammer
Step 2. Slam hammer down on phone repeatedly
OMG, HAMMER is an exploit.
It is a prompt for accepting installation of the application. I think Apple can revoke the certificate of anyone doing this. Not sure how it could be a real threat given that.
Something that needs to be fixed before this becomes an issue is the automatic redirects that websites have now, where it kicks you to the App Store for some garbage freemium game.
I'm sure if security researchers did some actual work they could probably find exploits more interesting than this. Running to the uninformed press about misusing a built in feature is not an exploit. You might as well provide the instructions:
Step 1. Pick up hammer
Step 2. Slam hammer down on phone repeatedly
OMG, HAMMER is an exploit.
This is exactly why I would never buy a Chinese hammer from eBay.
The exploit asks you three questions, which you have to answer correctly to initiate installation:
1. Is your daddy also your grandpa?
2. Do you play a banjo?
3. Are these questions being read to you?
Any glimmer of intelligence and the installation is aborted.
OMG! Everybody RUN and hide under your beds. The Boogeyman is gonna get you.
Almost all malware requires user intervention at some level. Browser addons won't install without intervention, for example. All the crap that gets packaged with installers nowadays requires you to fail to note that extra stuff is getting installed.
The fact that this can apparently bypass the app store on non-jailbroken devices is what's scary. I hope Apple can fix it with something as simple as a certificate revocation.
Something that needs to be fixed before this becomes an issue is the automatic redirects that websites have now, where it kicks you to the App Store for some garbage freemium game.
Well, whoever clicks on a link to install the application deserves it. Don't tell me anyone owning an idevice didn't know already that apps should be installed from the App Store only.
Except that you don't need a jailbroken iPhone to get this.
Android isn't secure.
See? Android is just as good as iOS.
iOS isn't secure.
Android isn't secure.
See? Android is just as good as iOS.
So, I guess a Yugo is just as resistant to accidents as a Tank because the result of them being hit by a meteorite is just the same...
There, fixed that for you...
So, I guess a Yugo is just as resistant to accidents as a Tank because the result of them being hit by a meteorite is just the same...
Clever
Thank you, it was hurting my brain to see it written like that.
The person you quoted wasn't talking about clicking on links. There's an App Store redirect that happens without any user intervention at all. It's freaking annoying and I thought Apple was supposed to have fixed it in iOS 7!!!