Pages

Thursday, 5 February 2015

IOS Spyware Used For Cyber-Espionage


Researchers from the Japanese anti-virus company Trend Micro have discovered spyware that is designed specifically for iOS devices and is used in cyber espionage. How the spyware is distributed is unknown, but the researchers believe that used previously infected computers. Once an iPhone or iPad is connected to the infected computer, the spyware is installed.

It involves two malicious iOS applications called XAgent and Madcap, the latter is the name of a legitimate application. The XAgent app hides the icon and runs in the background. Once the process is stopped will restart the malware itself almost immediately. Once active attempts spyware text messages, address books, photos, geo-location data, processes, collect installed apps and WiFi status. Audio recordings are made as well.

It seems that the malware for iOS 7 is designed as XAgent operates here fully. In the case of iOS 8 of the spyware the icon is not hidden and the app itself does not automatically restart. If known, the spyware are used against a variety of purposes, including governments, the military, the defense industry and the media.

"The exact method of installation of this malware is unknown. We know that an iOS device jailbroken not necessarily have to be," said the researchers. XAgent example uses Apple's ad hoc provisioning, which is the default distribution method for iOS app developers. Through ad hoc provisioning malware can be installed simply by clicking on a link. The malware was found with an iOS Developer Enterprise to be signed certificate. Another possible method of infection is to connect an iPhone or iPad via USB to an infected Windows computer.

The hashes of the related files are:

05298a48e4ca6d9778b32259c8ae74527be33815
176e92e7cfc0e57be83e901c36ba17b255ba0b1b
30e4decd68808cb607c2aba4aa69fb5fdb598c64

No comments:

Post a Comment