::Trend Micro Threat Resource Center::

07 February 2015

Espionage app targets iOS devices

Trend Micro has discovered an interesting poisoned pawn - spyware specifically designed for espionage on iOS devices. While spyware targeting Apple users is highly notable by itself, this particular spyware is also involved in a targeted attack.


The iOS malware found is part of the advanced malware used in this operation. It is believed to be installed on already compromised systems, and it closely resembles the next-stage SEDNIT malware Trend Micro found for Microsoft Windows systems. Two malicious iOS applications were found in Operation Pawn Storm. One is called XAgent; the other uses the name of a legitimate iOS game, MadCap. XAgent is designed to work specifically with iOS 7, which still runs on one of every 5 iPhones and iPads. Fortunately, on iOS 8 devices the user sees multiple notifications that the phone is trying to install an app, and the app cannot run unless the user launches it. Both tools have the ability to record audio, which is very intrusive and strongly suggests that offline and confidential information is being targeted.

Following analysis, Trend Micro concluded that both applications are related to SEDNIT, a spyware family that aims to steal personal data, record audio, take screenshots, and send them to a remote command-and-control (C&C) server. Some of the data theft capabilities include:

  • Collect text messages
  • Get contact lists
  • Get pictures
  • Collect geo-location data
  • Start voice recording
  • Get a list of installed apps
  • Get a list of processes
  • Obtain Wi-Fi status

There may also be other infection methods used to install this particular malware. One possible scenario is infecting an iPhone after it is connected via a USB cable to a compromised or infected Windows laptop.

For a more detailed analysis of the spyware, read here.

Background of Operation Pawn Storm
Operation Pawn Storm is an active economic and political cyber-espionage operation that targets a wide range of entities, such as the military, governments, defense industries, and the media.

The actors behind Pawn Storm tend to first move a lot of pawns in the hope of getting close to their actual, high-profile targets. When they finally succeed in infecting a high-profile target, they may decide to move their next pawn forward: advanced espionage malware.

The iOS malware we found is one of those advanced malware families. We believe the iOS malware gets installed on already compromised systems, and it is very similar to the next-stage SEDNIT malware we have found for Microsoft Windows systems.