Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Trend Micro discovers spyware designed for espionage on iOS devices

Zafirah Salim | Feb. 6, 2015
A prolific cyber-espionage group has been actively targeting politicians, journalists, military and other entities by using spyware against Apple iOS devices.

IT security firm Trend Micro published a blog post on Wednesday (Feb 4) revealing the discovery of a spyware that is designed for espionage is making its rounds on iOS devices.

The spyware is part of 'Operation Pawn Storm', which Trend Micro describes as an "active economic and political cyber-espionage operation that targets a wide range of entities, like the military, governments, defense industries, and the media." This means that intimate acquaintances of these victims serve as 'pawns' in the campaign that allows the attackers to eavesdrop on their primary targets. 

Two malicious iOS applications were found in this operation - one is called 'XAgent' and the other uses the name of a legitimate iOS game, 'MadCap'.  

The XAgent app is a fully functional malware, according to Trend Micro researchers. After being installed on iOS 7, the app's icon is hidden and it runs in the background immediately. Despite attempts to terminate the malware by killing the process, it will restart almost immediately.

However, installing XAgent into an iOS 8 device yields different results: the icon is not hidden and it also cannot restart automatically. This suggests that the malware was designed prior to the release of iOS 8 last September 2014.

Since the malware is designed to work specifically with iOS 7 devices, it is extremely worrying as "one of every five iPhones and iPads" run on this mobile operating system.

The other malware, MadCap, is similar to XAgent, except that the former is focused on recording audio. Also, MadCap can only be installed on jailbroken devices.

Following analysis, Trend Micro concluded that both are applications related to SEDNIT - which is a spyware that aims to steal personal data, record audio, make screenshots, and send them to a remote server. These malicious apps can also steal contact lists, text messages, pictures as well as location data.

Possible methods of infection

Trend Micro researchers said that they are still unable to pinpoint the exact methods of installing these malware. But like all other mobile malwares, devices can get infected simply by clicking on a compromised link, even if the device is not jailbroken. As such, users are cautioned to not install anything from a strange external link.

They added that a device could also get infected after being connected to a compromised or infected Windows laptop via USB.


Sign up for Computerworld eNewsletters.