Exodus Spyware Discovered In Apple iOS

Android version of Exodus malware finds its way to iOS devices

Researchers at cybersecurity company Lookout have recently found an iOS version of a powerful mobile spyware tool that targets iPhone users.

Last month, researchers from the non-profit security organisation Security Without Borders revealed that they had discovered several Android versions (approximately 25) of the same malware, dubbed 'Exodus', which had been uploaded to Google's Play Store. When the issue was reported to Google, the search giant removed the infected applications, which were disguised as service apps from Italian mobile operators.

Exodus for Android consists of three separate stages and has been under development for at least five years. First, there is a small dropper that gathers basic information about the targeted device, such as its IMEI number, phone number, and GPS location. The second stage consists of various binary packages that implement most of the surveillance functionality. The third stage finally uses the DirtyCOW exploit (CVE-2016-5195) to gain root privileges on the targeted device.

Once successfully installed, Exodus for Android can carry out an extensive amount of surveillance. The malware is designed to keep running even when the infected device's screen is turned off.

The spyware, which was originally created to target Android devices, now appears to have found its way onto iPhones, according to reports from Lookout and Security Without Borders. Researchers believe that this malware is distributed as so-called 'lawful intercept' software of the kind that law enforcement agencies and governments commonly use.

The malicious software disguises itself as a carrier support app and can secretly steal the victim's contacts, photos, videos and audio recordings, GPS information, and their location data in real time. An attacker could also use the app to listen to the victim's audio recordings.

According to Lookout, the iOS variants of the malware were made available outside the App Store through phishing sites that imitated mobile carriers from Italy and Turkmenistan.

"Analysis of these Android samples resulted in the discovery of infrastructure containing several iOS port samples. To date, this software has been made accessible (along with the Android version) through phishing locations that imitated mobile carriers in Italy and Turkmenistan," reads Lookout's analysis.

The phishing sites tricked users into believing they were legitimate mobile carrier portals. While bypassing Apple's App Store is hard, the developer appears to have abused their Apple-issued Developer Enterprise program certificates to infect unsuspecting victims.

"The Apple Developer Enterprise program is designed to enable organisations to distribute proprietary, in-house applications to their staff without using the iOS App Store," explained Lookout researchers. "A company can access this program only if it fulfills Apple's demands. Using this program to distribute malware is not prevalent, although there have been previous instances where writers of malware have done so."

Exodus' iOS variant uploaded the stolen data to the same server as the Android malware, indicating that it is the work of an Italian company called eSurv, which focuses on video surveillance software and image recognition systems. According to Security Without Borders, eSurv, once a business unit of Connexxa, a well-known supplier of surveillance tools to Italian police, has been developing spyware since at least 2016.

However, the iOS variants are not as advanced as the Android malware. "The iOS version can only exfiltrate a limited amount of information, as it is restricted to information that can be accessed via iOS APIs," said Christoph Hebeisen, Lookout's senior security intelligence manager.

After the researchers disclosed their findings, Apple revoked the app maker's enterprise certificate, preventing the malicious apps from being installed on new iPhones and from running on already infected devices.

While Exodus has probably infected "several hundred if not a thousand or more" Android phones, it is not clear how many Apple users have been affected by the malware's iOS variant.
