Hacking Team compromised non-jailbroken iOS devices using a variant of last year’s Masque Attack, in which Apple devices were infected via emails and text messages. (App downloads from Apple’s App Store are safe; you’re only susceptible to the malware apps if you click the infected link.).
Advertisement
Even though the masque attack has been patched, meaning that apps can’t overwrite others, an attacker can still modify the bundle identifier to circumvent it and install it alongside any official apps if they can trick the user into installing it.
The 11 apps that were used by the Hacking Team are as follows: WhatsApp, Twitter, Facebook, Facebook Messenger, WeChat, Google Chrome, Viber, Blackberry Messenger, Skype, Telegram, and VK.
The vulnerability was discovered by hackers from information stolen from Hacking Team, according to researchers at FireEye. Hackers have figured out how to persuade iPhone users to install malicious apps on their iPhones without their knowledge.
Simon Mullis, global technical lead at FireEye, told V3 that the main difference between this version and the previous iterations of Masque Attack is that they are now being spotted “in the wild”.
The research suggests that the Hacking Team leak has released this Masque Attack threat into the wild for hackers to exploit, but it is important to note that people who download applications from official stores should remain protected.
Hacking Team is typically a Milan-based information technology and the trending world firm that makes provoking invasion and following functionality to effectively states, the police groups and companies.
These aren’t the real apps of the services mentioned above but bogus clones replicating the authentic looks of the original apps.
FireEye said that all iOS users need to update their devices to the latest version and pay close attention to how they download apps.
The technique reportedly works on all major mobile operating systems including iOS and Android.
It also shows why administrators need to restrict installation of iOS applications on corporate owned devices unless the applications are obtained from the official App Store, he said.
Malicious versions of numerous popular legitimate apps aimed at smartphone users have been discovered by FireEye said Mullis. Each of these apps featured a control panel to configure the behaviour of the malicious application. The company’s attack tools try everything possible to infiltrate the victim’s device, and enable persistent remote control.
The firm said the attack was one of the most advanced it had seen.
The best way to protect yourself from Masque Attack is to take all standard anti-phishing precautions – you should never click on or trust a suspicious link.
Advertisement
“There is a clear ecosystem at play and I have no doubt that this technique could and will be used by criminal gangs for financial gain”, he said.
