Hackers Stealing Data on iOS Via Major Security Flaw
WhatsApp, Twitter, Facebook, Facebook Messenger, WeChat, Google Chrome, Viber, Blackberry Messenger, Skype, Telegram, and VK are the apps being used for malicious purposes, according to FireEye.
Security researchers at FireEye have determined that “Masque Attack”, the iOS malware they first discovered, is now being used by hackers. The bug lets hackers secretly load malware onto your phone disguised as real apps. Hacking Team, the Italian security firm, has been the subject of mystery and criticism in the recent past over allegations that it propagated attacks on iOS devices using various apps.
The data reviewed by FireEye suggests that the Masque Attack-type apps developed by the Hacking Team have been deployed in the field for months, the report added.
Luckily, with iOS 8.1.3, Apple has made it impossible for apps that share a bundle identifier to replace one another, but as researchers also point out, this won’t stop attackers from installing the modified official apps separately, without overwriting the original, hoping that users remove the official app and leave theirs on the system instead. Android devices are susceptible to the same app-hacking scheme.
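The two cases in the paragraph above, written as an app-inventory check (an added example, not FireEye's code): it flags an app from outside the App Store that reuses a reference app's bundle identifier, and one that uses a different identifier but the same display name. The record layout, the `signer` values and the function names are assumptions; the inventory is constructed and the reference list is illustrative.

```python
import unicodedata

# Illustrative reference list: display name -> bundle identifier of the genuine app.
OFFICIAL = {
    "WhatsApp": "net.whatsapp.WhatsApp",
    "Facebook": "com.facebook.Facebook",
}

def norm(name):
    """Fold case, Unicode width and spacing so 'WhatsApp ' and 'whatsapp' compare equal."""
    return "".join(unicodedata.normalize("NFKC", name).casefold().split())

def audit(inventory):
    """Return (bundle_id, finding) pairs for apps that imitate a reference app."""
    official_ids = set(OFFICIAL.values())
    official_names = {norm(name) for name in OFFICIAL}
    findings = []
    for app in inventory:
        if app["signer"] == "app_store":
            continue  # installed from the official store, not a sideloaded copy
        if app["bundle_id"] in official_ids:
            # Same identifier as the genuine app: the replacement case.
            findings.append((app["bundle_id"], "same-bundle-id"))
        elif norm(app["name"]) in official_names:
            # New identifier, familiar name: sits beside the genuine app.
            findings.append((app["bundle_id"], "lookalike-name"))
    return findings

# Constructed inventory, e.g. as exported from a device-management tool (assumed format).
SAMPLE = [
    {"name": "WhatsApp", "bundle_id": "net.whatsapp.WhatsApp", "signer": "app_store"},
    {"name": "Facebook", "bundle_id": "com.facebook.Facebook", "signer": "enterprise"},
    {"name": "WhatsApp ", "bundle_id": "com.example.wa-clone", "signer": "enterprise"},
    {"name": "Expenses", "bundle_id": "com.example.expenses", "signer": "enterprise"},
]

if __name__ == "__main__":
    for bundle_id, finding in audit(SAMPLE):
        print(finding, bundle_id)
```

The name comparison only catches exact matches after normalization; visually similar names built from different characters would need a separate check.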
The research suggests that the Hacking Team leak has released this Masque Attack threat into the wild for hackers to exploit, but it is important to note that people who download applications from official stores should remain protected.
FireEye said that all iOS users need to update their devices to the latest version and pay close attention to how they download apps.
So, where traditional phishing attempts involve fake emails or websites that look real, Masque Attack is the same basic premise – only with fake apps rather than emails. “We have found 11 reverse-engineered and repackaged versions of a variety of popular apps, all to be used to steal sensitive information and spy on end users”, he said. The exploit exists in both Android and iOS, so it’s only a matter of time before Android users are targeted, too.
“Even if the user has always clicked ‘Don’t Trust’, iOS still launches that enterprise-signed app directly on calling its URL scheme”, he said. In other words, to download the malicious apps, one would have to click on a particular link in an email or message. The recently discovered issue might not affect a large number of users yet, but it has massive potential for hackers because of the way it operates: it fools the iPhone into downloading a malicious app that replicates an actual app on your phone, which it then covertly replaces. As FireEye researcher Zhaofeng Chen noted this week, “We previously have described the threats of Masque Attacks against iOS in a series of blogs [but] up until now, these attacks had never been seen carried out in the wild”. Mullis said he expects to see the attacks expand their target-base in the near future.