'Exodus' Spyware Posed as a Legit iOS App




Private companies around the world have built a gray industry supplying digital surveillance and hacking tools to governments and local law enforcement. As that little-known industry has grown, so too has the resulting malware. Now researchers have found that one of those spyware products, previously discovered on the Google Play Store, also targeted iOS.

At the Kaspersky Security Analyst Summit in Singapore this week, researchers from the mobile security firm Lookout presented their findings on the iOS version of the spyware, known as Exodus. The nonprofit Security Without Borders published an analysis of the Android version with Motherboard at the end of March. The fact that Exodus has an iOS version, though, shows the impressive reach of the malware and the resources behind it.

And the stakes are high. The iOS version of Exodus, built to look like a mobile carrier support app, relied on legitimate iOS mechanisms rather than exploits to do its work.

Hiding in Plain Sight

It is unclear whether the campaign targeted a particular person or group, and the researchers have not identified who the targets were. The phishing sites that distributed the spyware were designed to look like support pages for mobile carriers in Italy and Turkmenistan, Wind Tre SpA and TMCell respectively. From there, the page led either to the Google Play Store or to Apple's workflow for downloading enterprise apps.

Attackers were able to slip the Android app directly into Google Play, but they either could not get it into Apple's App Store or did not try. Instead they used Apple's Developer Enterprise Program, a platform that institutions can use to distribute their own apps in-house, to spread their spyware in a legitimate-looking way. Apps distributed this way are signed with an enterprise certificate rather than vetted through the App Store review process. It's relatively easy to buy one of these certificates from Apple, and it costs only $300. This approach to spreading malware has become more common, and it has also become more controversial.

Once installed, Exodus could access photos, videos, device IDs, audio recordings, and contacts on target devices, while also tracking the user's location and listening to their conversations through the iPhone or iPad's microphone. Both the Android and iOS versions of Exodus have now been blocked. Apple declined to comment.

"In terms of capabilities on the iOS side, they're doing pretty much everything with Apple APIs, but they're abusing them for surveillance-type activities," says Adam Bauer, senior security intelligence engineer at Lookout. "Finding surveillance-ware on Android or even iOS is not necessarily uncommon. But finding an actor is relatively rare. The main differentiator with this actor is the level of professionalism that we've seen from them."

Mass Exodus

The Lookout researchers say that the developers have been working on and releasing Android versions of Exodus for the past five years. On Android, the spyware works in three phases to gain access to victims' devices: first establishing a foothold, then installing a larger payload that sets up the surveillance capabilities, and then exploiting a vulnerability to expand that access. The Android malware led the researchers to the phishing sites used to lure victims to the apps, which in turn led them to the iOS app.

The iOS version, which appears to be more recent, does not rely on exploits to establish pervasive device access, instead counting on users to unwittingly grant the app the permissions it needs to run its surveillance tools. Lookout's Bauer points out that a user could have limited the iOS app's monitoring by revoking some of its access, but anyone who had already been tricked into installing it was unlikely to think of doing so.

The researchers say that Exodus' development and distribution mechanisms show a high level of professionalism and care. For example, the command-and-control infrastructure was carefully managed, a precaution many malware makers forget. In analyzing this infrastructure, the researchers say the spyware appears to have been developed by the Italian video surveillance software company eSurv and has been linked to Connexxa. eSurv's website is no longer live, and the company could not be reached for comment.

"There's a case where both of the mobile platforms are affected," said Christoph Hebeisen, senior manager of security intelligence at Lookout. "And in both cases, because of the enterprise deployment on iOS and because of the Play Store on Android, it was a fairly legitimate-looking distribution mechanism. So protecting your mobile devices against these things is really crucial."

Mobile users can take precautions against spyware by staying vigilant about phishing and sticking to mainstream apps downloaded directly from Google Play or Apple's App Store. But Exodus's presence on both platforms shows just how difficult it is in practice to skirt insidious, well-crafted spyware. And unfortunately, there's more of it out there.


