Friday

iOS users warned against spy app

 
Mobile security researchers warn of a mobile app that may have been used to collect users' personal data as part of an "economic and political cyber-espionage operation" targeting military, governments, defense, and media—with civilians unwittingly caught up as collateral damage.

Users of Apple's iPhone, iPad and iPod touch running iOS were warned this week against an espionage app being used in a targeted attack campaign.
 
Trend Micro said the app is used in Operation Pawn Storm, an "economic and political cyber-espionage operation" whose targets include the military, governments, defense and media.
 
"We believe the iOS malware gets installed on already compromised systems, and it is very similar to next stage SEDNIT malware we have found for Microsoft Windows’ systems," researchers Lambert Sun, Brooks Hong and Feike Hacquebord said in a blog post.
 
According to the researchers, they found two malicious iOS applications in Operation Pawn Storm.
 
One of the two, IOS_XAGENT.B, uses the name of a legitimate iOS game, "MadCap." The second was identified as XAgent (IOS_XAGENT.A).
 
Both apps are related to SEDNIT, which the researchers said aims to steal personal data, record audio, make screenshots, and send them to a remote command-and-control server.
 
"As of this publishing, the C&C server contacted by the iOS malware is live," Trend Micro said.
 
XAgent, once installed on iOS 7, hides its icon and runs in the background immediately.
 
"When we try to terminate it by killing the process, it will restart almost immediately," the researchers said.
 
But on iOS 8, the icon is not hidden and it cannot restart automatically.
 
"This suggests that the malware was designed prior to the release of iOS 8 last September 2014," they said.
 
The researchers said the app is designed to collect all kinds of information on an iOS device and can:
 
  • Collect text messages
  • Get contact lists
  • Get pictures
  • Collect geo-location data
  • Start voice recording
  • Get a list of installed apps
  • Get a list of processes
  • Get the Wi-Fi status
 
Works even on non-jailbroken phones
 
What is potentially dangerous is that the iOS device "doesn’t have to be jailbroken per se," the researchers said.
 
"We have seen one instance wherein a lure involving XAgent simply says 'Tap Here to Install the Application.' The app uses Apple’s ad hoc provisioning, which is a standard distribution method of Apple for iOS App developers," they said.
 
Via ad hoc provisioning, the researchers said the malware can be installed simply by clicking on a link. — Joel Locsin/TJD, GMA News
 
source: gmanetwork.com