Saturday, August 20 2022

Dangerous Android malware reaches the iPhone


An insidious variety of spyware for Android has finally come to the iPhone.

Earlier last year, the mobile security company Lookout discovered malware for Android and iOS that can steal "contacts, audio recordings, photos, location and much more from devices," according to a company blog post.

The malware was originally found on the Google Play Store for Android, in the Italian language and disguised as "service applications" from mobile phone operators, according to Security Without Borders, which also documented the malware.


The Android versions of the malware, called Exodus, were unknowingly installed dozens of times, "with a case that exceeded 350," said Security Without Borders.

A Google spokesman told Fox News that "he eliminated Google Play applications earlier this year," and warned users that they had installed malware. "We invest a lot in keeping users safe from bad apps, malicious developers and new trends of abuse," the spokesman added.

Now on iPhone

Lookout's investigation into the Android version of the malware led to the discovery of an iOS version.

Unlike the Android version, the malicious software is not distributed through the App Store but through the Apple Developer Enterprise program, which allows organizations to distribute their own in-house applications to their employees without going through the App Store, Lookout said.

However, some malicious groups have exploited it, said Sunday, Domingo, Senior Director of Modern Security OS, Symantec. These groups "misused the business application 'loop-hole' certificate to avoid the process of reviewing the App Store and get their 'sideloaded' applications on target devices," he said.

This is a new twist and, potentially, a sign of things to come. "The fact that using this 'backdoor' from the Apple Enterprise Developer Program is quite new and it is likely that another aspect that other players may try to do when they are directed to iOS users," Adam Kujawa, director of Malwarebytes Labs, told Fox News.

Because the App Store is safe, malware providers have had to find an alternative route, Kujawa said. "Apple has a more closed app store, but it is not possible to try to enter it in the legitimate repository of applications."

Instead, the attackers are setting up phishing sites that claim to be mobile operators, Kujawa added. "From these pages there are links to install what the user thinks are useful applications of their mobile operator … [but] these links will navigate the user to download the application to the iOS device."


"They are capable of doing so by having assigned a legitimate company certificate to this application, especially the company Connexxa S.R.L.," continued Kujawa.

The iOS version is more limited than the Android variant, but it can still archive personal data and listen through the microphone, Kujawa said. Once Apple became aware of this, it blacklisted the certificate used by the application.

