
How Secure Is Apple Inc. (NASDAQ:AAPL)’s iOS Store?

Luckily, with iOS 8.1.3, Apple has made it impossible for apps that share a bundle identifier to replace one another. As researchers also point out, however, this won’t stop attackers from installing modified copies of official apps separately, without overwriting the original, in the hope that users remove the official app and leave theirs on the system instead.


Simon Mullis, global technical lead at FireEye, told V3 that the main difference between this version and the previous iterations of Masque Attack is that they are now being spotted “in the wild”.

The Hacking Team according to FireEye Inc. In this case, a random bundle identifier can be used, which FireEye says changes the type of attack to an “Enpublic attack” rather than “Masque attack”.

The threat was revealed by security firm FireEye at the Black Hat security conference in Las Vegas, after researchers analysed the 400GB of data logs leaked from Hacking Team last month. The Italian security firm has been the subject of mystery and criticism in the recent past over allegations that it propagated attacks on iOS devices using various apps.

In these “Masque” attacks, legitimate apps were copied by hackers and modified to contain a library that could steal information from Skype, Twitter, Facebook, iMessage and even login credentials.

After the leak of Hacking Team’s internal data in June, security researchers have been busy trying to find out what different techniques were used by the team in its endeavors to hack and spy on its targets.

Its customer list includes the US Federal Bureau of Investigation (FBI) and UK National Crime Agency (NCA).

FireEye said that all iOS users need to update their devices to the latest version and pay close attention to how they download apps. According to FireEye, these modified apps came with an extra binary designed to exfiltrate sensitive data and communicate with a remote server.

Over 100,000 Android users download a fake BBM app from the Google Play store. Once the app is installed and trusted by a user, it can be used to steal contact and calendar information, photos, video and other data on the compromised device.

The Play Store now allows you to enhance the performance of your applications and gather user feedback before an application is rolled out to the public, further ensuring the stability of the application and in turn ensuring better turnover.

The exploit exists in both Android and iOS, so it’s only a matter of time before Android users are targeted, too.

According to FireEye, hackers are using fake apps to mimic popular apps such as WhatsApp, Twitter, Facebook, Facebook Messenger, WeChat, Google Chrome, Viber, Blackberry Messenger, Skype, Telegram and VK. The company’s attack tools try everything possible to infiltrate the victim’s device, and enable persistent remote control.

An iOS vulnerability discovered earlier this year saw malicious apps masquerading as official apps in the App Store.


“It is a glimpse under the water to see the rest of the iceberg”, Mullis said.

[Image: The Masque attack bypasses the App Store. Credit: Jeff Turner, Flickr]