For years Apple has told its fanboys that they have the best security in the world and that only rival phones and PCs can be hacked. While the evidence has suggested that Apple security was no stronger than anyone else's, and at times seemed to be held together by masking tape and prayers to the spirit of Steve Jobs, Apple fanboys have been largely convinced by the marketing.
Now a new mobile malware campaign is "gaining access to iPhones by tricking users to download an open-source mobile device management (MDM) software package". OK, getting users to install malware on their own devices does not sound like a particularly productive attack vector, but apparently the hack is taking hold.
Thirteen users -- all in India -- have been compromised in the attacks, which have been detailed by Cisco Talos. Those infected use a range of iPhone models and are running iOS versions from 10.2.1 to 11.2.6. The campaign has been active since August 2015. The attackers take control by using the MDM package, which can give them complete control of the device and the ability to install fake versions of real apps.
Two different MDM services are used in the campaign, giving the attackers system-level control of multiple devices from one location and the ability to install and remove apps and to exfiltrate data from them. One method of stealing data comes via malicious versions of messaging services like Telegram and WhatsApp being pushed onto the compromised device via fake updates.
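The whole campaign hinges on the victim accepting an MDM enrollment profile, so the useful defensive question is "what does this profile actually hand over, and to whom?". The following is an added example, not code from the article or from the Talos report: it parses an iOS `.mobileconfig` enrollment profile (a standard plist) and reports the MDM payload's server hosts, whether they are on an organisation's approved list, and whether the payload asks for the app-management access right that lets a server install and remove apps. The hostnames, UUIDs and the approved-host list are constructed placeholders, not indicators from the report; the `AccessRights` bit values are taken from Apple's configuration profile documentation as I understand it, so treat that mapping as an assumption to check against the current reference.

```python
import plistlib
from urllib.parse import urlparse

# Constructed sample enrollment profile, in the shape a device receives it.
# Hostnames and UUIDs are placeholders, not indicators from the Talos report.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.enrollment</string>
  <key>PayloadUUID</key><string>PLACEHOLDER-UUID-0001</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>PayloadIdentifier</key><string>com.example.enrollment.mdm</string>
      <key>PayloadUUID</key><string>PLACEHOLDER-UUID-0002</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>ServerURL</key><string>https://mdm.unknown-host.example/mdm</string>
      <key>CheckInURL</key><string>https://mdm.unknown-host.example/checkin</string>
      <key>Topic</key><string>com.apple.mgmt.External.placeholder</string>
      <key>AccessRights</key><integer>8191</integer>
    </dict>
  </array>
</dict>
</plist>
"""

# Hosts the organisation really uses for MDM (constructed allowlist).
APPROVED_MDM_HOSTS = {"mdm.corp.example"}

# AccessRights bit that permits app installation and removal (assumption:
# value as given in Apple's configuration profile reference; verify locally).
APP_MANAGEMENT_BIT = 4096


def mdm_payloads(profile_bytes):
    """Return the com.apple.mdm payload dicts found in a .mobileconfig plist."""
    profile = plistlib.loads(profile_bytes)
    return [p for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == "com.apple.mdm"]


def audit_enrollment_profile(profile_bytes, approved_hosts):
    """Return a list of human-readable findings for every MDM payload.

    An empty list means the profile either enrolls with an approved server
    and asks for no app-management right, or contains no MDM payload at all.
    """
    findings = []
    for payload in mdm_payloads(profile_bytes):
        for key in ("ServerURL", "CheckInURL"):
            url = payload.get(key, "")
            parsed = urlparse(url)
            host = parsed.hostname or ""
            if host not in approved_hosts:
                findings.append(f"{key} points at unapproved host {host!r}")
            if parsed.scheme != "https":
                findings.append(f"{key} does not use https: {url}")
        rights = int(payload.get("AccessRights", 0))
        if rights & APP_MANAGEMENT_BIT:
            findings.append("AccessRights grants app management "
                            "(server may install and remove apps)")
    return findings


if __name__ == "__main__":
    for line in audit_enrollment_profile(SAMPLE_PROFILE, APPROVED_MDM_HOSTS):
        print("FINDING:", line)
```

Run against the constructed profile, the audit reports both URLs as pointing at an unapproved host and flags the app-management right, which is exactly the capability the campaign relies on to push fake Telegram and WhatsApp builds. On a real fleet the same check belongs in whatever process reviews profiles before users are allowed to install them; a signed profile arrives CMS-wrapped and must be unwrapped before `plistlib` can read it.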
The apps look legitimate to the user, but malicious code sends information -- including messages, photos and contacts -- to a central command and control server. Deploying these apps requires a side-loading injection technique, which lets the attackers ask for additional permissions, execute code and steal information from the original application.