A dangerous Android malware arrives on the iPhone

An insidious variety of Android spyware has finally been transmitted to the iPhone.

Earlier this year, mobile security company Lookout discovered malware for Android and iOS that could steal "contacts, audio recordings, photos, location, etc., from devices," according to a report. company blog.

The malicious program was originally discovered on the Google Play Store in Italian for Android and disguised as "service applications" of mobile operators, according to Security Without Borders, which also documented the malicious program .


Android malware versions, dubbed Exodus, have been inadvertently installed dozens of times, "with a case of 350," said Security Without Borders.

A Google spokesman told Fox News that he "had deleted Google Play apps earlier this year" and warned users who had installed the malicious program. "We are investing heavily in protecting users against malicious applications, malicious developers and new trends in abuse," added the spokesperson.

Now on the iPhone

Lookout's research on the Android version of the malware led to its discovery on iOS.

Unlike the Android version, the malware is not distributed through the App Store, but through the Apple Developer Enterprise program, which allows organizations to distribute proprietary internal apps to their employees and bypass the App Store, said Lookout.

However, some malicious groups have exploited this possibility, told Fox News Domingo Guerra, senior director, Modern OS Security, Symantec. These groups "misused the" hole-in-hole "of the enterprise application certificate to bypass the App Store review process and make sure that their applications are" reloaded ". side "on the target devices", he said.

This is a new twist and potentially a sign of the future. "The fact that it uses this" back door "of the Apple Enterprise Developer program is quite new and is probably a new way that other actors might try to target when they target iOS users," he says. Adam Kujawa, director of Malwarebytes Labs, told Fox News.

As the App Store is secure, malware providers have been forced to choose another route, Kujawa said. "Apple has a more locked application store, trying to drag it into the repository of legitimate applications is virtually impossible."

Instead, attackers set up phishing sites, claiming to be mobile carriers, Kujawa added. "From these pages, there are links to install what the user thinks to be useful applications of their mobile operator …[but] these links will allow the user to download the application on his iOS device. "

THE 7 Technological Wonders of the 21st Century

"They can do this by assigning a legitimate business certificate to this application, including Connexxa S.R.L.," continued Kujawa.

The iOS version is more limited than the Android variant, but it still allows you to recover personal data and listen to the microphone of an iPhone, said Kujawa. But once Apple was notified, they put the certificate used by the application on the blacklist.


Source link