
Thread: Trend Micro Discovers iOS Espionage App, Requires User Intervention to Install

  1. #1
    Akshay Masand (What's Jailbreak?)
    Join Date
    Sep 2011
    Location
    New York City
    Posts
    5,897
    Thanks
    3
    Thanked 200 Times in 179 Posts

    Trend Micro Discovers iOS Espionage App, Requires User Intervention to Install


    A recently discovered malware campaign named “Operation Pawn Storm” has begun to target Apple’s iOS devices with a new malicious application that can do the following: steal photos, text messages, contacts and other data from non-jailbroken iPhones. Fortunately there IS one upside to the whole situation: the malware cannot be installed without a user’s consent. Assuming you are careful, the whole malware campaign can easily be avoided.

    Security firm Trend Micro recently dubbed the new spyware XAgent and claims that it has observed the spyware using Apple’s ad-hoc provisioning system as an infection vector. This functionality is intended for enterprises and developers who wish to distribute apps to a small group of individuals, and it allows users to bypass the App Store. The whole process is quite cumbersome and presents multiple notifications to the user that an app will be installed. As a result, Operation Pawn Storm is thought to target specific individuals by infecting those around them, in the hope that installation instructions received from their circle of friends or colleagues are more likely to be readily followed than not.

    Trend Micro executive Jon Clay told Macworld the following regarding the matter:

    “The good thing for users is that this isn't something that can be automatically done. There are steps you have to do as a user to install this.”

    Once the malware is installed on iOS devices running iOS 7, XAgent reportedly runs without an app icon and is capable of restarting itself. This isn’t the case on iOS 8, where users would be forced to manually open the app if it is closed or if the device was restarted. This scenario leads Trend Micro to speculate that the spyware was originally designed prior to the release of iOS 8. As mentioned before, XAgent is designed to collect text messages, contact lists, pictures, geolocation data and information on installed apps and running processes as well as Wi-Fi status. Additionally, it can be configured to begin recording audio using the device’s built-in mic and transfer the recordings to a command and control server, the thought of which is pretty scary.

    Overall – be careful what you install! We’ll have to wait and see when Apple patches this exploit.

    Source: MacWorld, Trend Micro (blog)

    Twitter: @AkshayMasand
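    The post above says the spyware arrived through Apple’s ad-hoc provisioning path rather than the App Store. For anyone triaging a device or an MDM inventory, the quickest way to tell how a sideloaded app got there is to read its embedded provisioning profile (the `embedded.mobileprovision` file inside the app bundle). The example below is added here and is not code from the post, from Trend Micro or from Apple; it uses the standard keys Apple puts in such profiles (`ProvisionsAllDevices`, `ProvisionedDevices`, the `get-task-allow` entitlement, `ExpirationDate`, `TeamName`). The sample profiles are constructed in the script, and the bytes wrapped around them only stand in for the real CMS signature envelope; the script does not verify signatures.

```python
"""Classify iOS provisioning profiles by distribution type (added example).

A .mobileprovision file is a CMS-signed DER blob whose signed content is an
XML property list. The keys used here are the documented ones Apple writes
into every profile. Sample profiles are constructed below for demonstration.
"""
import plistlib
from datetime import datetime, timezone
from typing import Optional


def extract_plist(blob: bytes) -> dict:
    """Return the property list embedded in a .mobileprovision blob.

    Slicing out the <?xml ... </plist> span is the usual triage shortcut.
    It does NOT check the CMS signature, so treat the result as untrusted
    metadata until the signature has been verified separately.
    """
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no property list found in blob")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def classify_profile(profile: dict) -> str:
    """Map standard profile keys to a distribution type.

    enterprise  : ProvisionsAllDevices is true (in-house distribution)
    development : device list present and get-task-allow entitlement set
    ad-hoc      : device list present, no debug entitlement
    app-store   : neither key (App Store / TestFlight builds)
    """
    entitlements = profile.get("Entitlements", {})
    if profile.get("ProvisionsAllDevices"):
        return "enterprise"
    if "ProvisionedDevices" in profile:
        return "development" if entitlements.get("get-task-allow") else "ad-hoc"
    return "app-store"


def triage(blob: bytes, now: Optional[datetime] = None) -> dict:
    """Summarise the facts a responder wants about a sideloaded app's profile."""
    profile = extract_plist(blob)
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    expires = profile.get("ExpirationDate")  # plistlib yields naive UTC datetimes
    return {
        "distribution": classify_profile(profile),
        "team": profile.get("TeamName"),
        "app_id": profile.get("Entitlements", {}).get("application-identifier"),
        "device_count": len(profile.get("ProvisionedDevices", [])),
        "expired": bool(expires and expires < now),
    }


def _fake_signed(profile: dict) -> bytes:
    """Wrap a plist in stand-in bytes shaped like a CMS envelope.

    Constructed for the demo only; this is not a real signature.
    """
    header = b"\x30\x82\x10\x00\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02"
    return header + plistlib.dumps(profile) + b"\xa0\x82\x00\x10" + b"\x00" * 16


# Constructed sample profiles: team, app id and device UDID are placeholders.
_BASE = {
    "AppIDName": "Constructed Example App",
    "ApplicationIdentifierPrefix": ["CONSTRUCTED"],
    "TeamName": "Example Corp (constructed)",
    "ExpirationDate": datetime(2030, 1, 1),
    "Entitlements": {
        "application-identifier": "CONSTRUCTED.com.example.app",
        "get-task-allow": False,
    },
}
_UDID = "00008030-" + "0" * 16

ENTERPRISE_BLOB = _fake_signed({**_BASE, "ProvisionsAllDevices": True})
ADHOC_BLOB = _fake_signed({**_BASE, "ProvisionedDevices": [_UDID]})
DEV_BLOB = _fake_signed({
    **_BASE,
    "ProvisionedDevices": [_UDID],
    "Entitlements": {**_BASE["Entitlements"], "get-task-allow": True},
})
APPSTORE_BLOB = _fake_signed(_BASE)
EXPIRED_ENTERPRISE_BLOB = _fake_signed({
    **_BASE, "ProvisionsAllDevices": True, "ExpirationDate": datetime(2015, 1, 1),
})

if __name__ == "__main__":
    for name, blob in [("enterprise", ENTERPRISE_BLOB), ("ad-hoc", ADHOC_BLOB),
                       ("development", DEV_BLOB), ("app-store", APPSTORE_BLOB),
                       ("expired", EXPIRED_ENTERPRISE_BLOB)]:
        print(f"{name:12s} {triage(blob)}")
```

    In practice you would point `extract_plist` at `Payload/<App>.app/embedded.mobileprovision` pulled from a device backup or an `.ipa`; an enterprise or ad-hoc result for an app the user never knowingly installed, or a signing team the organisation does not recognise, is the thing to escalate. The App Store path never produces those two results, which is why the post stresses that the user had to click through the installation prompts.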

  2. #2
    gdd2010 (My iPhone is a Part of Me)
    Join Date
    Aug 2010
    Location
    in a barred spiral galaxy on the Cepheus-Draco border
    Posts
    655
    Thanks
    289
    Thanked 412 Times in 245 Posts

    Where in the file system is this found? Many Jailbreakers do use iFile and the like, and it would be interesting to see if this file exists on their devices.

  3. #3
    DavisMedia (What's Jailbreak?)
    Join Date
    Feb 2014
    Location
    Tennessee
    Posts
    21
    Thanks
    0
    Thanked 3 Times in 2 Posts

    Just out of curiosity, how exactly is this malware acquired?
    I didn't quite understand if it is from apps that got through to the App Store, or if this is something that is installed through Safari, etc.

  4. #4
    I could have sworn this malware was exposed months ago. I remember reading about it.

  5. #5
    Quote Originally Posted by DavisMedia:
    Just out of curiosity, how exactly is this malware acquired?
    I didn't quite understand if it is from apps that got through to the App Store, or if this is something that is installed through Safari, etc.
    I used to be an iOS advisor (1 year 8 months) for Apple, so I'll fill you in..... ENTERPRISE APPS are something installed thru a configuration utility tool (think of a massive rack that can install apps to dozens of phones + simultaneously), or a specific enterprise app store which I assume is installed via the configuration utility tool above. So..... this is targeting THOSE devices, because Enterprise apps are only supported by a corporate entity; most enterprise apps are installed manually or thru a specific enterprise store that you can only get via the business and the business's IT dept. It doesn't affect the vast majority of us, jailbroken or not, that don't have enterprise apps, because of what they outlined above. Androids also have the ability to have enterprise apps and app stores, but seeing as how Android is open source, you can install apps from anywhere willy-nilly with any APK file. Therefore it's much easier to get this kind of malware thru Android. Once again: Enterprise is just equivalent to a third-party but corporate-managed store/tools. Alright?

    don't sweat the petty things, and don't pet the sweaty things.

  6. #6
    Quote Originally Posted by Funken Ferret:
    I used to be an iOS advisor (1 year 8 months) for Apple, so I'll fill you in..... ENTERPRISE APPS are something installed thru a configuration utility tool (think of a massive rack that can install apps to dozens of phones + simultaneously), or a specific enterprise app store which I assume is installed via the configuration utility tool above. So..... this is targeting THOSE devices, because Enterprise apps are only supported by a corporate entity; most enterprise apps are installed manually or thru a specific enterprise store that you can only get via the business and the business's IT dept. It doesn't affect the vast majority of us, jailbroken or not, that don't have enterprise apps, because of what they outlined above. Androids also have the ability to have enterprise apps and app stores, but seeing as how Android is open source, you can install apps from anywhere willy-nilly with any APK file. Therefore it's much easier to get this kind of malware thru Android. Once again: Enterprise is just equivalent to a third-party but corporate-managed store/tools. Alright?

    don't sweat the petty things, and don't pet the sweaty things.
    Also please note Apple's permissions model is much different than Android's.... so usually, if something funny looks like it's trying to ask for permission to install and you didn't ASK to install it, DENY DENY DENY, and you won't have to worry. The usual iOS sandbox around apps/permissions is a wonderful thing.
