Detect spyware targeting iOS users
Network security researchers have recently discovered the iOS version of a phone spy application, originally designed to target Android devices through applications on Google Play Store.
This malware is named Exodus. It is spyware that works on iOS, developed based on the Android version that was discovered by security researchers at LookOut during the analysis of Android models they found last year. .
- Reveal personal data of more than 1.3 million people from a vulnerability in web application
Unlike the Android variant, the Exodus version on iOS has been distributed outside Apple's official App Store, primarily through phishing sites designed to mimic Italian and Turkmenistan mobile operators to benefit. use lightness from the victim.
Besides, because Apple has always maintained a policy of restricting the application setting directly outside the app store, it is officially the App Store, so the iOS version of Exodus switched to abuse Apple Developer Enterprise program, allowing businesses distribute internal applications directly to their employees without using iOS's App Store, thereby spreading them to personal user devices.
- Hackers antivirus application preinstalled on Xiaomi phones into malware
This malicious information is shared by LookOut's security experts in a blog post as follows:
"Each phishing site will contain links to a distribution manifest, which contains metadata such as the application name, version, icon and URL for the IPA file. All of these packages used the profile provided with the distribution certificate associated with the company named Connexxa SRL '.
Although the iOS variant of Exodus is less sophisticated than the version on Android, these spyware can still filter important and basic personal information from targeted iPhone devices including , contacts, recording, photos, videos, GPS location and device information.
The stolen data will then be transmitted through HTTP PUT requests to the endpoint on the attacker's command and control server (command and control server), which is a CnC infrastructure like used with the Android version, and also uses the same communication protocols.
- Google: Play Protect helped cut 20% of malicious Android application installations by 2018
In addition, some technical details also indicate that Exodus "may be the product of a sponsored spy code development project" and aims to target government or law enforcement agencies. law of the state.
"The operation mechanism of this malicious code includes the use of certificate pinning, general key encryption for communication protocol C2 (C2 communications), and a comprehensive set of monitoring features that are well implemented." , the researchers said.
Developed by an Italian-based company called Connexxa SRL, Exodus appeared on Android at the end of the month before some white-hat hackers from Security Without B Border organization discovered nearly 25 disguised applications. into software services on Google Play Store. Of course these malicious applications were also removed by the tech giant immediately after receiving the notification.
- The alarming increase in the number of attacks targeted at IoT devices
According to information security researchers obtained, Exodus has been developed for at least 5 years. In addition, Exodus on Android usually includes 3 separate deployment stages. First, malicious code will collect basic identification information, such as IMEI and phone number of the targeted device. The second phase includes multiple binary packages that are responsible for deploying a set of monitoring functions. Finally, at the third stage, malicious code will use 'infamous' DirtyCOW exploits (CVE-2016-5195) to gain root control over infected phones. After successful installation, Exodus can perform a large number of spy requests on the device that is difficult to detect. Besides, the Android variant is also designed to keep running on infected devices even when the user turns off the screen.
While the Android version of Exodus is likely to have infected on 'a few thousand devices or more', it is currently not possible to estimate how many iPhones are infected with the iOS Exodus variant.
After being informed by Lookout researchers about Exodus spyware, Apple immediately revoked the business certificate, preventing malicious applications from being installed on the new iPhone and running on devices. infected.
- The unsafe 'feature' on UC Browser allows hackers to take control of Android phones remotely
This is the second case in just one year when an Italian software company was caught distributing spyware applications. Earlier last year, another European-based company was also "caught up" distributing "Skygofree", a dangerous spy tool designed exclusively for Android, to help hackers. Full control over remote infection devices.
You should read it
- New malware detection has terrible spy capabilities never seen on Android
- Discovered a group of hackers who use secret code to spy on 21 countries
- Series of Android applications contain malicious code you should remove immediately from your device
- Android apps contain malicious code that uses motion sensors to avoid detection
- Malware Judy attacked more than 36.5 million Android phones
- Most Android anti-virus software cannot detect malicious APK files
- Google 'purged' 24 applications downloaded nearly 500,000 times containing malicious malware
- 238 applications found on Play Store contain malicious code that paralyzes smartphones
- How to detect malicious apps on Android
- Hackers antivirus application preinstalled on Xiaomi phones into malware
- 9 malicious applications on Google Play, if installed, should be removed immediately
- Malware and user security bugs are found in top free VPN applications
Maybe you are interested
How to view Android system update history
Download Vidmate APK for Android, HD video download app
This Simple Android App Proves Anything Can Contain Malware
8 Android Apps to Write Notes Directly on the Home Screen
How to Install Kali Linux NetHunter on Android
How to Easily Move All Passwords from iPhone to Android