A highly targeted malware campaign is spying on 13 iPhones in India

July 15th, 2018 Waqas Hacking News 0 comments

Security researchers have identified a dangerous, targeted mobile malware campaign that is believed to have been active since August 2015. The researchers report that the malware was found spying on 13 specific iPhones in India, which points to a highly targeted operation.

The attackers behind this campaign are also operating from India but using a Russian email address. The primary objective behind the launching of this new campaign is to steal data from the devices.

According to the findings of Cisco’s Talos security division, the attackers are abusing the MDM (mobile device management) protocol. MDM is management software commonly used by large enterprises to control mobile devices and enforce policies on them.

A sophisticated malware campaign is targeting 13 iPhones in India

In the campaign, the MDM protocol is remotely deploying and controlling malicious applications. Apple explains that MDM protocol “uses the Apple Push Notification Service (APNS) to deliver a wake-up message to a managed device. The device then connects to a predetermined web service to retrieve commands and return results.”

It is worth noting that to enroll an iOS device into MDM, a user has to manually install an enterprise developer certificate, which enterprises obtain through the Apple Developer Enterprise Program; the configuration profile for the MDM server is delivered via email or a webpage, or with Apple Configurator.

See: iPhone apps can access cameras to secretly take photos and record videos

The attacker(s) enrolled the iPhones with two open source iOS MDM servers to gain full control of the devices. Once this was done, a dynamic library was injected into commonly used apps such as WhatsApp and Telegram on the phones. This was made possible by the BOptions sideloading technique, through which the injected library could gain additional permissions, steal data and execute code from inside the legitimate application, among other functions.

The attacker(s) deployed five malicious applications to test the device’s functionality, steal SMS message contents, send out device location information and exfiltrate data. As of now, security researchers are not sure how the devices were enrolled onto the MDM server. Given that every step of the enrollment procedure requires user interaction, such as installing a certificate authority on the iPhone, it is not yet clear how the attackers enrolled 13 specific iPhones into their MDM server.

It is, however, speculated that enrollment could have been achieved through physical access to the devices, though researchers also suspect that social engineering may have helped the attackers.

Talos researchers warn that installing certificates of unverified provenance can be extremely dangerous for iPhone users, because once a certificate is installed outside Apple’s trusted iOS certificate chain, the device becomes exposed to third-party attacks like this one. Moreover, accepting an MDM certificate is equivalent to granting someone administrator-level access to the device.
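Because enrollment is delivered as a configuration profile (the .mobileconfig described above) that bundles a trusted certificate with an MDM payload pointing at the attacker's server, a defender can triage such a profile before a user accepts it. The following is an added example, not code from the article or from Talos: it parses an unsigned profile with Python's plistlib, lists the certificate payloads it would install, extracts the MDM ServerURL/CheckInURL hosts, and flags any host the organisation does not operate. The sample profile, its hostnames and the treatment of AccessRights 8191 as a full-rights value are constructed assumptions for the demo.

```python
import plistlib
from urllib.parse import urlparse

# Apple payload identifiers for MDM enrollment and for certificate/trust installation
MDM_PAYLOAD = "com.apple.mdm"
TRUST_PAYLOADS = {"com.apple.security.root", "com.apple.security.pkcs1", "com.apple.security.pkcs12"}
# AccessRights is a bitmask; 8191 (all 13 low bits) is treated here as "every right" (assumption)
FULL_ACCESS_RIGHTS = 8191


def audit_profile(profile_bytes, allowed_hosts):
    """Parse an unsigned .mobileconfig and return findings a reviewer cares about.
    allowed_hosts: the MDM hostnames the organisation actually runs."""
    profile = plistlib.loads(profile_bytes)
    findings = {"mdm_servers": [], "untrusted_mdm": [], "cert_payloads": [], "full_access": False}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype in TRUST_PAYLOADS:
            # A root/PKCS#12 payload adds trust outside Apple's chain: the core risk in the article
            findings["cert_payloads"].append(ptype)
        elif ptype == MDM_PAYLOAD:
            for key in ("ServerURL", "CheckInURL"):
                url = payload.get(key)
                if url:
                    host = urlparse(url).hostname
                    findings["mdm_servers"].append(host)
                    if host not in allowed_hosts:
                        findings["untrusted_mdm"].append(host)
            if (payload.get("AccessRights", 0) & FULL_ACCESS_RIGHTS) == FULL_ACCESS_RIGHTS:
                findings["full_access"] = True
    findings["risky"] = bool(findings["untrusted_mdm"] or findings["cert_payloads"])
    return findings


# Constructed sample enrollment profile: a root CA payload plus an MDM payload pointing at a
# server the organisation does not operate. Hostnames and UUIDs are placeholders, not the campaign's.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration", "PayloadIdentifier": "example.enroll", "PayloadVersion": 1,
    "PayloadUUID": "00000000-0000-0000-0000-000000000001",
    "PayloadContent": [
        {"PayloadType": "com.apple.security.root", "PayloadIdentifier": "example.ca",
         "PayloadUUID": "00000000-0000-0000-0000-000000000002", "PayloadVersion": 1,
         "PayloadContent": b"\x30\x82"},  # placeholder bytes, not a real DER certificate
        {"PayloadType": "com.apple.mdm", "PayloadIdentifier": "example.mdm",
         "PayloadUUID": "00000000-0000-0000-0000-000000000003", "PayloadVersion": 1,
         "ServerURL": "https://mdm.unknown.invalid/mdm",
         "CheckInURL": "https://mdm.unknown.invalid/checkin",
         "Topic": "com.apple.mgmt.External.placeholder", "AccessRights": 8191},
    ],
})

if __name__ == "__main__":
    print(audit_profile(SAMPLE_PROFILE, allowed_hosts={"mdm.corp.example"}))
```

Enrollment profiles are often CMS-signed, which plistlib cannot read directly; extract the inner plist first (for example with `openssl smime -verify -noverify -inform der -in profile.mobileconfig`) and feed that to the function.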

Apple has been notified about the campaign by Talos researchers, and the iPhone maker has annulled the five digital certificates that the attacker has been using.

Image credit: Depositphotos
