New iPhone Malware Steals Photos, Texts, Contacts and Location
It’s not uncommon for electronics to be vulnerable to viruses, including malware. While Apple products claim to be exempt from most computer viruses, they aren’t safe from malicious malware on their Mac, iPhone and iPad electronics.
Trend Micro claims they’ve discovered a new malware that infects any iPhone running on iOS 7 and iOS 8 operating systems. The exact methods of infections are unknown, but through standard phishing attacks, the virus may be sent from one person to the next with an encouraging message to click a link. Once the link is clicked, the malware is installed and runs rampant on the phone.
The iPhone malware is known by the name XAgent. It collects text messages, contacts, photos and all location data to track users wherever they go, as long as the malware remains installed.
Upon identifying XAgent, Trend Micro explained how it works and the severity of the issue.
The XAgent app is fully functional malware. After being installed on iOS 7, the app’s icon is hidden and it runs in the background immediately. When we try to terminate it by killing the process, it will restart almost immediately.
Interestingly enough, a different process occurs when the malware is installed on an iPhone running iOS 8, suggesting to Trend Micro that the specific virus was created prior to the update’s release.
Installing the malware into an iOS 8 device yields different results. The icon is not hidden and it also cannot restart automatically. This suggests that the malware was designed prior to the release of iOS 8 last September 2014.
iPhone Targets and Russian Hackers
According to Trend Micro, the iPhone malware was created by a group of Russian hackers. Russia seems to be behind a slew of hacks recently, including the major Sony Pictures Entertainment hack that occurred in December.
Although their targets may be companies most of the time, Trend Micro believes the specific Russian group is targeting governments, military and media outlets. XAgent apparently may have been designed to help the group gather highly sensitive information from specific targets.
The hacker group in question is suspected as Operation Pawn Storm.
“The actors of Pawn Storm tend to first move a lot of pawns in the hopes they come close to their actual, high profile targets. When they finally successfully infect a high profile target, they might decide to move their next pawn forward: advanced espionage malware.”
“The iOS malware we found is among those advanced malware. We believe the iOS malware gets installed on already compromised systems, and it is very similar to next stage SEDNIT malware we have found for Microsoft Windows’ systems.”
This specific hacker group is known for their political operations that attack multiple high profile targets. It is unknown how many iPhones are currently infected, but more than 200 million Apple devices currently run on the iOS 8 operating system and may be at risk, at the very least.
Images from Pixabay and Shutterstock.