A latest threat intelligence report from a mobile security enterprise has revealed the security impact of iOS on the organizations over the past ten years. The report unveils some stark revelations and breaks the myth that iOS devices are safe when compared to Android. We are witnessing an upward curve when it comes to iOS infections. This rate is said to be bigger than Android infections. So, you’ll know that iOS devices are being eyed by hackers across the world. We bring three significant malware that crippled iOS devices in 2017.
The precise source and method how Xsser malware ended up on iOS is still a mystery, albeit, the most likely method speculated is pretending to be an app helping Hong Kong protesters meet. Xsser mRat is a Trojan which means it needs an infected package containing the malware to be installed on jailbroken iOS devices. Once installed, the malware can run in the background of a vulnerable phone and can steal SMS messages, call logs, location data, photos, address book, passwords from iOS keychain and more. To protect your iPhone, it is recommended to not jailbreak your phone, however, if your iPhone is already jailbroken you should think twice before installing any apps from third-party app stores.
Malware are always not deployed to steal money from unwary users. At times, malware are state-sponsored that could snoop on diplomats and officials of the target country. Cloud Atlas is one such malicious software that is said to have snooped on diplomats, oil industry workers, and the financial industry, intercepting communications and record their calls. The malware exploits the vulnerability in Rich Text Format word documents and are sent to the victims. Here, the targets receive documents purporting from “Mrs. World” or as adverts for diesel engine parts or files called “Diplomat Car for Sale.doc.” However, you needn’t worry if you haven’t jailbroken your device, because the stock iOS devices are unscathed by the attack.
Unlike other malware listed before, Pegasus is the most sophisticated among the lot. Primarily because it takes advantage of how integrated mobile devices are in our lives and the combination of features available on a smartphone: WiFi, 3G/4G, voice communications, camera, email, messaging, GPS, passwords, and contact lists. The attack causes Kernel Memory corruption which in turn leads to jailbreak. Interestingly, the attack sequence begins with a classic phishing campaign: sending text message, open web browser, load page, exploit vulnerabilities, and install persistent software to collect information. All of this, happens without your notice and you wouldn’t know the device is compromised until later. To stay safe, you need to steer clear from suspicious emails and links that take you to the unknown world.
Nevertheless, there are umpteen malware sharpening their codes to attack iOS devices. Interestingly, iOS devices become vulnerable only when they’re jailbroken, albeit, Pegasus-like malware are advanced enough to creep into your phone despite being secure. Thus, regular scanning of your phone for malicious documents and being situationally aware will help in the long run.