Trend Micro Discovers iOS Espionage App, Requires User Intervention to Install

A recently discovered malware campaign, named “Operation Pawn Storm”, has begun to target Apple’s iOS devices with a new malicious application that can steal photos, text messages, contacts and other data from non-jailbroken iPhones. Fortunately there IS one upside to the whole situation: the malware cannot be installed without the user’s consent. Assuming you are careful, the whole malware campaign can easily be avoided.

Security firm Trend Micro recently dubbed the new spyware XAgent and says it has observed the spyware using Apple’s ad-hoc provisioning system as an infection vector. This functionality is intended for enterprises and developers who wish to distribute apps to a small group of individuals, and it lets those apps bypass the App Store. The whole process is quite cumbersome and presents multiple notifications to the user that an app is about to be installed. Operation Pawn Storm is therefore thought to target specific individuals by first infecting those around them, in the hope that installation instructions received from a circle of friends or colleagues are more likely to be followed than instructions from a stranger.
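The ad-hoc and enterprise provisioning path described above is also what a defender checks for when auditing a fleet of devices. The following is an added example, not code from the article or from Trend Micro: it pulls the XML plist out of an app's embedded.mobileprovision and classifies the profile as ad-hoc, development, enterprise or App Store. The profile bytes, team identifier and device UDID are constructed samples.

```python
import plistlib
from datetime import datetime, timezone

# Constructed sample (not a real profile): the XML plist an ad-hoc
# embedded.mobileprovision carries, wrapped in filler bytes that stand in
# for the CMS/DER signature envelope that surrounds the real thing.
SAMPLE_ADHOC_PROFILE = (
    b"\x30\x82\x0b\x11\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02\xa0\x82"
    + b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Name</key><string>Example Ad Hoc Profile</string>
  <key>TeamIdentifier</key><array><string>EXAMPLETEAM</string></array>
  <key>ExpirationDate</key><date>2016-01-01T00:00:00Z</date>
  <key>ProvisionedDevices</key>
  <array><string>0000000000000000000000000000000000000001</string></array>
  <key>Entitlements</key>
  <dict><key>get-task-allow</key><false/></dict>
</dict>
</plist>"""
    + b"\xa0\x82\x00\x00"
)

def extract_plist(blob):
    """Pull the XML plist out of a signed .mobileprovision blob."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify_profile(profile, now=None):
    """Report how an app was provisioned and whether it bypassed the App Store."""
    now = now or datetime.now(timezone.utc)
    ents = profile.get("Entitlements", {})
    if profile.get("ProvisionsAllDevices"):
        kind = "enterprise"          # in-house distribution, any device
    elif "ProvisionedDevices" in profile:
        # UDID-limited profile; get-task-allow marks a debuggable dev build
        kind = "development" if ents.get("get-task-allow") else "ad-hoc"
    else:
        kind = "app-store"
    exp = profile.get("ExpirationDate")  # plistlib yields a naive UTC datetime
    expired = exp is not None and exp.replace(tzinfo=timezone.utc) < now
    return {"kind": kind, "sideloaded": kind != "app-store",
            "team": profile.get("TeamIdentifier", ["unknown"])[0],
            "devices": len(profile.get("ProvisionedDevices", [])),
            "expired": expired}
```

On a real device the same profile sits inside each sideloaded app bundle, so a management tool can run this check over every installed app and flag anything that is not App Store provisioned.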

Trend Micro executive Jon Clay told Macworld:

The good thing for users is that this isn't something that can be automatically done. There are steps you have to do as a user to install this.

Once the malware is installed on a device running iOS 7, XAgent reportedly runs without an app icon and is capable of restarting itself. This isn’t the case on iOS 8, where users would have to manually reopen the app if it is closed or if the device is restarted. This leads Trend Micro to speculate that the spyware was originally designed prior to the release of iOS 8. As mentioned above, XAgent is designed to collect text messages, contact lists, pictures, geolocation data, and information on installed apps, running processes and Wi-Fi status. Additionally, it can be configured to begin recording audio using the device’s built-in mic and transfer the recordings to a command and control server, the thought of which is pretty scary.

Overall – be careful what you install! We’ll have to wait and see when Apple patches this exploit.

Source: MacWorld, Trend Micro (blog)

This article was originally published in the forum thread “Trend Micro Discovers iOS Espionage App, Requires User Intervention to Install”, started by Akshay Masand.

5 Comments
gdd2010:
Where in the file system is this found? Many jailbreakers do use iFile and the like, and it would be interesting to see if this file exists on their devices.
DavisMedia:
Just out of curiosity, how exactly is this malware acquired?
I didn't quite understand if it is from apps that got through to the App Store, or if this is something that is installed through Safari, etc.
Jahooba:
I could have sworn this malware was exposed months ago. I remember reading about it.
Funken Ferret:
Quote Originally Posted by DavisMedia:
  Just out of curiosity, how exactly is this malware acquired?
  I didn't quite understand if it is from apps that got through to the App Store, or if this is something that is installed through Safari, etc.
I used to be an iOS advisor (1 year 8 months) for Apple, so I'll fill you in..... ENTERPRISE APPS are something installed through a configuration utility tool (think of a massive rack that can install apps to dozens of phones simultaneously), or a specific enterprise app store, which I assume is installed via the configuration utility tool above. So..... this is targeting THOSE devices, because enterprise apps are only supported by a corporate entity; most enterprise apps are installed manually or through a specific enterprise store that you can only get via the business and the business's IT dept. It doesn't affect the vast majority of us, jailbroken or not, that don't have enterprise apps, because of what they outlined above. Androids also have the ability to have enterprise apps and app stores, but seeing as how Android is open source, you can install apps from anywhere willy-nilly with any APK file. Therefore it's much easier to get this kind of malware through Android. Once again, Enterprise is just equivalent to a third-party but corporate-managed store/tools. Alrighty?

don't sweat the petty things, and don't pet the sweaty things.
Funken Ferret (replying to his own comment above):
Also please note Apple's permission model is much different than Android's.... so usually if something funny looks like it's trying to ask for permission to install, and you didn't ASK to install it: DENY DENY DENY, and you won't have to worry. The usual iOS sandbox around apps/permissions is a wonderful thing.