In our continued research on Operation Pawn Storm, we found one interesting poisoned pawn: spyware specifically designed for espionage on iOS devices. While spyware targeting Apple users is highly notable by itself, this particular spyware is also involved in a targeted attack.

Operation Pawn Storm is an active economic and political cyber-espionage operation that targets a wide range of entities, like the military, governments, defense industries, and the media.

The actors of Pawn Storm tend to first move a lot of pawns in the hope that they come close to their actual, high-profile targets. When they finally succeed in infecting a high-profile target, they might decide to move their next pawn forward: advanced espionage malware.

The iOS malware we found is one such piece of advanced malware. We believe the iOS malware gets installed on already compromised systems, and it is very similar to the next-stage SEDNIT malware we have found for Microsoft Windows systems.

We found two malicious iOS applications in Operation Pawn Storm. One is called XAgent (detected as IOS_XAGENT.A) and the other one uses the name of a legitimate iOS game, MadCap (detected as IOS_XAGENT.B). After analysis, we concluded that both are applications related to SEDNIT.

The obvious goal of the SEDNIT-related spyware is to steal personal data, record audio, make screenshots, and send them to a remote command-and-control (C&C) server. As of this publishing, the C&C server contacted by the iOS malware is live.

The XAgent app is fully functional malware. After being installed on iOS 7, the app's icon is hidden and it runs in the background immediately.

Updated February 6, 2015, 10:30 AM PST: Trend Micro™ Mobile Security protects users' iOS devices and stops threats before they reach them. Trend Micro Mobile Security offers protection and detects this malware using the cloud-based Smart Protection Network™ and Mobile App Reputation technology.

Updated February 11, 2015, 7:52 PM PST: In a previous version of this blog posting, we stated that the iOS device doesn't have to be jailbroken per se for the malware to be installed. We revisited this finding and found that the iOS device indeed needs to be jailbroken. Exactly how the actors install the espionage malware on iOS devices is currently unknown to us. It is very likely that social engineering is an important part.