Author: Lily Hay Newman / Source: WIRED

Private companies around the world have evolved a gray industry supplying digital surveillance and hacking tools to governments and local law enforcement. As the once little-known practice has grown, so too has the resulting malware. Researchers have now found that one of these spyware products, which had previously been found on the Google Play Store, also targeted iOS.
At the Kaspersky Security Analyst Summit in Singapore this week, researchers from the mobile security firm Lookout will present findings on the iOS version of the spyware known as Exodus. The nonprofit Security Without Borders published details of the Android version in conjunction with Motherboard at the end of March. The fact that Exodus has an iOS version, though, shows the impressive reach of the malware and the resources behind it.
And the stakes are high. The iOS version of Exodus, built to look like a mobile carrier support app, used all of the mechanisms iOS offers legitimate apps to grab as much of a target’s data as possible.
It is unclear whether Exodus targeted specific individuals or a broader group, but over the past year, the researchers observed attackers setting up phishing traps to direct users toward the malicious apps. The sites were designed to look like information pages for mobile carriers based in Italy and Turkmenistan—Wind Tre SpA and TMCell, respectively. From there, the pages led victims to the Google Play Store or an Apple workflow for downloading enterprise apps.
Attackers were able to slip the Android app directly into Google Play, but they either couldn’t get it into Apple’s App Store or didn’t try. Instead they used Apple’s Developer Enterprise Program—a platform that institutions can use to distribute their own apps in-house—to spread their spyware in a legitimate-looking way. Apple keeps its app ecosystem fairly locked down; the only way to install software on non-jailbroken iOS devices is to either sneak the app past Apple’s App Store review process or get a certificate for enterprise distribution. It’s relatively