Hackers Stealing Data on iOS Via Major Security Flaw

The bug lets hackers secretly load malware onto your phone disguised as real apps. The attack works even on non-jailbroken iOS devices, and is as easy as getting the victim to click on an email link.

The data reviewed by FireEye suggests that the Masque Attack-type apps developed by the Hacking Team have been deployed in the field for months, the report added. “It could look identical to the standard app but have extra functionality”, FireEye global technical lead Simon Mullis said. Hacking Team, an Italian security firm, has been the subject of mystery and criticism in the recent past over allegations that it propagated attacks on iOS devices using various apps.

The technique used in the attacks was leaked during the Hacking Team data breach.

Its customer list includes the US Federal Bureau of Investigation (FBI) and UK National Crime Agency (NCA).

The attacks work by duping smartphone users into installing the malicious apps without their knowledge.

To ensure your safety, never install apps that are not downloaded through your official app store, and if you’re ever redirected out of your app store to a site you feel is suspicious, back away.

The problem is that the downloads occur without the user seeing them. These modified apps used a “masque” attack technique, which allowed them to install a modified app over the top of the official version by prompting the user to install the bogus app.

These aren’t the real apps of the services mentioned above but bogus clones replicating the authentic look of the original apps. “We have found 11 reverse-engineered and repackaged versions of a variety of popular apps, all to be used to steal sensitive information and spy on end users”, he said.

Traditional phishing scams involve sending users emails or occasionally text messages which come from hackers or scam artists, but appear – at least at first glance – to come from legitimate businesses or organizations: “This is the IRS”.

FireEye examined over 400GB of Hacking Team data leaked by the attackers and discovered that the company has sophisticated, remotely controllable exploits for all major mobile platforms, including iOS, Android, Windows Phone, BlackBerry and Symbian. Business Insider has reached out to the companies involved for comment on FireEye’s findings and for advice on how users can protect themselves.

FireEye ended its Masque Attack alert by concluding “We encourage all iOS users to always update their devices to the latest version of iOS and pay close attention to the avenues that they download their apps”. Each of these apps featured a control panel to configure the behaviour of the malicious application.

“One of the most interesting revelations is the level to which the attack infrastructure was pre-prepared to use every available method possible to compromise the intended victims in the form of a mobile attack suite”. Mullis said he expects to see the attacks expand their target-base in the near future.
