For many iPhone users, the thought of falling victim to a malware attack rarely crosses their mind. That’s because of a common misconception that Apple operating systems cannot be hacked. Android users have been vulnerable to malware attacks for years, but a hacking campaign has recently come to light that targets iPhone users with data-stealing and location-tracking malware.
The sophisticated mobile malware campaign has been active since August 2015, but it has only recently come to light. The attack targeted 13 iPhones and appears to have been focused on India. The small number of victims played a role in how the attack was able to fly under the radar for so long. The infected devices spanned a range of iPhone models and iOS versions from 10.2.1 to 11.2.6.
The mobile malware gained access to the iPhones by tricking users into downloading an open-source mobile device management (MDM) software package. The hackers used the MDM software to take control of the device, which gave them the ability to install fake versions of real apps.
Once the unidentified hackers were in control of the infected devices, they were able to steal various forms of sensitive information, including the phone number, serial number, location, photos, SMS messages, and Telegram and WhatsApp chat messages.
Research into the campaign suggests that extensive social engineering was used, because the MDM enrolment process involves multiple steps and requires the user to allow the installation of additional certificates onto the device. Malicious versions of messaging apps such as WhatsApp are pushed onto the devices via fake updates, and these are then used to send information to a central command and control server. Researchers also say a certificate was left behind that included a Russian email address to throw investigators off the track.
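The enrolment step described above is where a user or help desk can still see what is being installed. As an added example (not part of the original article or the researchers' tooling), this Python check lists the MDM enrolment and certificate payloads in an unsigned configuration profile before it is accepted. The sample profile, its names and its server URL are constructed, and a signed (CMS-wrapped) profile is assumed to have been unwrapped first.

```python
import plistlib

# Payload types from Apple's configuration profile format.
MDM_TYPE = "com.apple.mdm"
CERT_TYPES = {
    "com.apple.security.root",    # trusted root CA
    "com.apple.security.pkcs1",   # DER/PEM certificate
    "com.apple.security.pem",
    "com.apple.security.pkcs12",  # identity (cert + private key)
}

def audit_profile(data: bytes) -> list[str]:
    """List MDM and certificate payloads in an unsigned .mobileconfig."""
    profile = plistlib.loads(data)  # handles XML and binary plists
    payloads = profile.get("PayloadContent", [])
    if not isinstance(payloads, list):
        return ["PayloadContent is not a list; inspect manually"]
    findings = []
    for p in payloads:
        ptype = p.get("PayloadType", "")
        name = p.get("PayloadDisplayName", "<unnamed>")
        if ptype == MDM_TYPE:
            url = p.get("ServerURL", "<no ServerURL>")
            findings.append(f"MDM enrolment: device will be managed by {url}")
        elif ptype in CERT_TYPES:
            findings.append(f"certificate install: {name} ({ptype})")
    return findings

def sample_profile() -> bytes:
    """Constructed sample: an enrolment profile with a root CA and MDM payload."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadDisplayName": "Example Enrolment (constructed)",
        "PayloadContent": [
            {"PayloadType": "com.apple.security.root",
             "PayloadDisplayName": "Example Root CA",
             "PayloadContent": b"constructed-not-a-real-cert"},
            {"PayloadType": "com.apple.mdm",
             "PayloadDisplayName": "Example MDM",
             "ServerURL": "https://mdm.example.invalid/server"},
        ],
    })

if __name__ == "__main__":
    for finding in audit_profile(sample_profile()):
        print(finding)
```

Any finding on a profile that did not come from the device owner's own organisation is a reason to stop the enrolment.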
Even though this campaign only affected a small number of iPhone users, it is an important reminder for users to be mindful when granting permissions and access to apps on their smartphones.