- The new version disguises as legit iOS apps to target Apple device users.
- It has been used to target Italian and Turkmenistan users.
At the Kaspersky Security Analyst Summit in Singapore, this week, researchers have presented the iOS version of the Exodus spyware. This new version disguises as legit iOS apps to target Apple device users. It has been used to target Italian and Turkmenistan users.
The big picture - The Exodus spyware came to light last month when Security Without Borders, a non-profit organization, found the spyware hidden inside multiple apps on the Play Store. The malware gained root-level access to infected Android devices and stole device information.
A total of 25 variants of the spyware were used to infect customers of a local Italian Internet Service Provider (ISP).
What about the Exodus iOS version - The Lookout security researcher Adam Bauer revealed that they discovered the iOS variant of the spyware during the analysis of Exodus samples last year. The sample is available for download through phishing sites that imitate Italian and Turkmenistani mobile carriers.
In order to make it less suspicious, the Exodus-infected iOS apps included legit certificates issued by Apple. This enabled the victims to install malicious apps, even from outside the App Store.
What are its capabilities - The iOS version of Exodus spyware is capable of stealing a lot of information stored on the Apple device. This includes stealing contacts, photos, videos, audio recordings, and GPS information. It can also perform on-demand audio recording operations on the infected device.