FireEye security researchers have uncovered the first instance of targeted iOS malware being used against non-jailbroken iOS devices.
Until now, users who jailbroke their iOS devices ran the risk of opening them up to malware attacks, while users who didn’t tamper with their iPhone or iPad felt secure.
Users typically jailbroke their iOS devices in order to download apps that weren’t approved for the App Store.
FireEye has recently uncovered 11 iOS apps within Hacking Team’s arsenal that utilise Masque Attacks, marking the first instance of targeted iOS malware being used against non-jailbroken iOS devices.
These apps are reverse engineered and weaponised versions of popular social media and messaging apps like WhatsApp, Twitter, Facebook, Facebook Messenger, WeChat, Google Chrome, Viber, BlackBerry Messenger, Skype, Telegram and VK.
Users urged to update their iOS devices to latest operating system
“Unlike the normal versions of these apps, they come with an extra binary designed to exfiltrate sensitive data and communicate with a remote server,” explained Zhaofeng Chen from FireEye Threat Research.
“Because all the bundle identifiers are the same as the genuine apps on App Store, they can directly replace the genuine apps on iOS devices prior to 8.1.3.
“Note that the bundle identifiers are actually configurable by the remote attackers. So for iOS devices above 8.1.3, although the Masque Attack vulnerability has been fixed, the attackers can still use a unique bundle identifier to deploy the weaponised app,” Chen said.
Chen said advanced targeted attacks against iOS devices like the iPhone, iPad and iPod have begun to emerge.
“We encourage all iOS users to always update their devices to the latest version of iOS and pay close attention to the avenues through which they download their apps.”
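For administrators who manage a fleet of iOS devices, the two cases described above (a repackaged app reusing a genuine bundle identifier, and one deployed under a unique bundle identifier) can be checked against an app inventory. The following is an added example, not code from FireEye or from this article; the inventory format, field names, bundle identifiers and team IDs are all constructed placeholders, and it assumes the inventory export records each app's signing team ID.

```python
# Constructed allowlist: bundle identifier -> (display name, expected signer team ID).
# Every identifier and team ID here is a placeholder, not a real App Store value.
EXPECTED = {
    "com.example.chat": ("ChatApp", "TEAMCHAT01"),
    "com.example.social": ("SocialApp", "TEAMSOCIAL"),
}
FIXED_IN = (8, 1, 3)  # the article states Masque Attack replacement was fixed in 8.1.3

def normalise(name):
    """Lower-case and strip punctuation/spaces so 'Chat App' matches 'ChatApp'."""
    return "".join(ch for ch in name.lower() if ch.isalnum())

KNOWN_NAMES = {normalise(name) for name, _ in EXPECTED.values()}

def replaceable(ios_version):
    """True if the device runs an iOS version prior to 8.1.3."""
    return tuple(int(p) for p in ios_version.split(".")) < FIXED_IN

def classify(app):
    """Return a finding label for one app record, or None if nothing stands out."""
    if app["bundle_id"] in EXPECTED:
        # Genuine bundle identifier: the signer must be the expected one.
        if app["team_id"] != EXPECTED[app["bundle_id"]][1]:
            return "same-bundle-id-different-signer"
        return None
    # Unknown bundle identifier presenting itself under a well-known app name.
    if normalise(app["name"]) in KNOWN_NAMES:
        return "lookalike-name-unique-bundle-id"
    return None

def audit(inventory):
    """Return (device, bundle_id, finding, device_prior_to_fix) for each flagged app."""
    findings = []
    for dev in inventory:
        for app in dev["apps"]:
            label = classify(app)
            if label:
                findings.append((dev["device"], app["bundle_id"], label,
                                 replaceable(dev["ios"])))
    return findings

# Constructed sample inventory (assumed shape of a device-management export).
SAMPLE = [
    {"device": "ipad-01", "ios": "8.1.2", "apps": [
        {"bundle_id": "com.example.chat", "name": "ChatApp", "team_id": "TEAMOTHER9"}]},
    {"device": "iphone-02", "ios": "8.4", "apps": [
        {"bundle_id": "com.example.chat", "name": "ChatApp", "team_id": "TEAMCHAT01"},
        {"bundle_id": "com.placeholder.unique", "name": "Chat App", "team_id": "TEAMOTHER9"},
        {"bundle_id": "com.example.notes", "name": "Notes", "team_id": "TEAMNOTES1"}]},
]
```

A flagged app on a device prior to 8.1.3 may have replaced the genuine app in place, so those findings deserve priority along with an OS update.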