#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

iOS Malware | Breaking Cybersecurity News | The Hacker News

Hackers Used Local News Sites to Install Spyware On iPhones

Hackers Used Local News Sites to Install Spyware On iPhones

Mar 27, 2020
A newly discovered watering-hole campaign is targeting Apple iPhone users in Hong Kong by using malicious website links as a lure to install spyware on the devices. According to research published by Trend Micro and Kaspersky , the " Operation Poisoned News " attack leverages a remote iOS exploit chain to deploy a feature-rich implant called 'LightSpy' through links to local news websites, which when clicked, executes the malware payload and allows an interloper to exfiltrate sensitive data from the affected device and even take full control. Watering-hole attacks typically let a bad actor compromise a specific group of end-users by infecting websites that they are known to visit, with an intention to gain access to the victim's device and load it with malware. The APT group, dubbed "TwoSail Junk" by Kaspersky, is said to be leveraging vulnerabilities present in iOS 12.1 and 12.2 spanning all models from iPhone 6 to the iPhone X, with the attac
'Exodus' Surveillance Malware Found Targeting Apple iOS Users

'Exodus' Surveillance Malware Found Targeting Apple iOS Users

Apr 09, 2019
Cybersecurity researchers have discovered an iOS version of the powerful mobile phone surveillance app that was initially targeting Android devices through apps on the official Google Play Store. Dubbed Exodus , as the malware is called, the iOS version of the spyware was discovered by security researchers at LookOut during their analysis of its Android samples they had found last year. Unlike its Android variant, the iOS version of Exodus has been distributed outside of the official App Store, primarily through phishing websites that imitate Italian and Turkmenistani mobile carriers. Since Apple restricts direct installation of apps outside of its official app store, the iOS version of Exodus is abusing the Apple Developer Enterprise program, which allows enterprises to distribute their own in-house apps directly to their employees without needing to use the iOS App Store. "Each of the phishing sites contained links to a distribution manifest, which contained metadata
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
Chinese Ad Firm Infected 85 Million Android Users to Get More Clicks

Chinese Ad Firm Infected 85 Million Android Users to Get More Clicks

Jul 05, 2016
An Android-based malware campaign has been found to control as many as 85 million Android devices globally and is making its gang an estimated $300,000 per month in fraudulent ad revenue. A Chinese advertising company called Yingmob is responsible for distributing the malware on a massive scale and would appear to be the same firm behind Yispecter iOS malware , cybersecurity company Check Point revealed. Yingmob, based in Chongqing, China, markets itself as an advertising firm, claiming to provide easy-to-deploy ads support (text, pictures and video ads), without affecting the user experience. The service offers pop-up, sidebar, and in-app ads. However, Check Point researchers claim that the company's "Development Team for Overseas Platform" is responsible for two of the biggest waves of malware: HummingBad for Android and Yispecter for iOS. "Yingmob runs alongside a legitimate Chinese advertising analytics company, sharing its resources and technolog
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Warning — Hackers can Silently Install Malware to Non-Jailbroken iOS Devices

Warning — Hackers can Silently Install Malware to Non-Jailbroken iOS Devices

Mar 17, 2016
Hard time for mobile phone users! Just recently, two severe vulnerabilities in Qualcomm Snapdragon chip and Stagefright were spotted on the Android platform, affecting more than a Billion and Millions of devices respectively. And now: Hackers have discovered a new way to install malicious apps onto your iPhone without your interaction. Researchers at Palo Alto Networks have uncovered a new strain of malware that can infect Non-Jailbroken (factory-configured) iPhones and iPads without the owner's knowledge or interaction, leaving hundreds of millions of Apple iOS devices at risk. Dubbed AceDeceiver , the iPhone malware installs itself on iOS devices without enterprise certificates and exploits designing flaws in Apple's digital rights management (DRM) protection mechanism called FairPlay. What's more concerning about this malware: Unlike most iOS malware, AceDeceiver works on factory-configured (non-jailbroken) iOS devices as well. FairPlay
Warning — Popular 'Hot Patching' Technique Puts iOS Users At Risk

Warning — Popular 'Hot Patching' Technique Puts iOS Users At Risk

Feb 01, 2016
Do you know?… Any iOS app downloaded from Apple's official App Store has an ability to update itself from any 3rd-party server automatically without your knowledge. Yes, it is possible, and you could end up downloading malware on your iPhone or iPad. Unlike Google, Apple has made remarkable efforts to create and maintain a healthy and clean ecosystem of its official App Store. Although Apple's review process and standards for security and integrity are intended to protect iOS users, developers found the process time consuming and extremely frustrating while issuing a patch for a severe bug or security flaw impacting existing app users. To overcome this problem, Apple designed a set of solutions to make it easier for iOS app developers to push straightway out hotfixes and updates to app users without going through Apple's review process. Sounds great, but here's the Kick: Malicious app developers can abuse These solutions, potentially allowing th
More than 250 iOS Apps Caught Using Private APIs to Collect Users' Private Data

More than 250 iOS Apps Caught Using Private APIs to Collect Users' Private Data

Oct 20, 2015
Apple is cleaning up its iTunes App Store again – for the third time in two months – following another flood of iOS apps that secretly collect users' personal information. Researchers discovered more than 250 iOS apps that were violating Apple's App Store privacy policy , gathering personal identifiable data from almost one Million users estimated to have downloaded those offending apps. The offending iOS applications have been pulled out of the App Store after an analytics service SourceDNA reported the issue. After XcodeGhost , this is the second time when Apple is cleaning its App Store. Malicious iOS Apps Stealing Users' Private Info The malicious applications were developed using a third-party software development kit (SDK) provided by Youmi, a Chinese advertising company. Once compiled and distributed on Apple's official App Store, those apps secretly accessed and stored users' personal information, including: A list of apps installed on the victim's phone Serial nu
How to Protect Yourself against XcodeGhost like iOS Malware Attacks

How to Protect Yourself against XcodeGhost like iOS Malware Attacks

Oct 19, 2015
Recently, Chinese iOS developers have discovered a new OS X and iOS malware dubbed XcodeGhost that has appeared in malicious versions of Xcode, Apple's official toolkit for developing iOS and OS X apps. The hack of Apple's Xcode involves infecting the compiler with malware and then passing that malware onto the compiled software. This is a unique approach because the hack does not attempt to inject attack code into a single app, and then try and sneak that past Apple's automated and human reviewers. Instead, the malicious code is infected on Xcode itself, which is used by software developers to craft and develop the apps for iOS and OS X operating system. The primary behavior of XcodeGhost in infected iOS apps is to collect information on devices and upload that data to command and control (C2) servers. Once the malware has established a foothold on infected devices, it has the ability to phish user credentials via fake warning boxes, open specific URLs in a
YiSpecter — First iOS Malware that Attacks both: Non-jailbroken and Jailbroken Devices

YiSpecter — First iOS Malware that Attacks both: Non-jailbroken and Jailbroken Devices

Oct 05, 2015
Less than a month after Apple suffered one of its biggest malware attacks ever, security researchers have discovered another strain of malware that they claim targets both jailbroken as well as non-jailbroken iOS devices . Last month, researchers identified more than 4,000 infected apps in Apple's official App Store, which was targeted by a malware attack in which some versions of software used by developers to build apps for iOS and OS X were infected with malware, named XcodeGhost . And Now: Researchers from a California-based network security firm Palo Alto Networks have discovered new malware that targets Apple's iOS users in China and Taiwan. Capabilities of YiSpecter Malware Dubbed YiSpecter , the malware infects iOS devices and once infected, YiSpecter can: Install unwanted apps Replace legitimate apps with ones it has downloaded Force apps to display unwanted, full-screen ads Change bookmarks as well as default search engines in Safari S
Apple's Biggest Hack Ever: 4000 Malicious iOS Store Apps Linked to CIA?

Apple's Biggest Hack Ever: 4000 Malicious iOS Store Apps Linked to CIA?

Sep 24, 2015
The First major cyber attack on Apple's App Store has now been linked to CIA (Central Intelligence Agency) . Last week, Researchers disclosed some 39 iOS apps on Apple's App Store infected by ' XCodeGhost Malware' . The Bad News is that the infection has now increased exponentially with the discovery of more than 4,000 infected apps. The XCodeGhost malware was distributed through legitimate iOS Apps via counterfeit versions of Apple's app developer toolkit called Xcode . XcodeGhost is a very harmful and dangerous piece of malware that is capable to Phish credentials, infect other apps, Hijack URLs, Steal iCloud passwords from your device and then upload them to the attacker's servers even without your knowledge. After Apple had removed nearly 300 malware-ridden iOS apps from the App Store, FireEye researchers found more than 4,000 compromised apps. The infected apps include the popular instant messaging app WeChat, Chinese Uber-like ca
Suspected Wirelurker iOS Malware Creators Arrested in China

Suspected Wirelurker iOS Malware Creators Arrested in China

Nov 18, 2014
It's been almost two weeks since the WireLurker malware existence was revealed for the first time, and Chinese authorities have arrested three suspects who are allegedly the authors of the Mac- and iOS-based malware that may have infected as many as hundreds of thousands of Apple users. The Beijing Bureau of Public security has announced the arrest of three suspects charged with distributing the WireLurker malware through a popular Chinese third-party online app store. The authorities also say the website that was responsible for spreading the malware has also been shut down. "WireLurker" malware was originally discovered earlier this month by security firm Palo Alto Networks targeting Apple users in China. The malware appeared as the first malicious software program that has ability to penetrate the iPhone's strict software controls. The main concern to worry about this threat was its ability to attack non-jailbroken iOS devices. Once a device infected
'AdThief' Chinese Malware Infects Over 75,000 Jailbroken iOS devices

'AdThief' Chinese Malware Infects Over 75,000 Jailbroken iOS devices

Aug 20, 2014
If you have jailbroken your iPhone, iPad, or iPod touch and have downloaded pirated tweaks from pirated repositories, then you may be infected by "AdThief" malware, a Chinese malware that is now installed on more than 75,000 iPhone devices. According to a recent research paper published on Virus Bulletin by the Security Researcher Axelle Apvrille , the malware, also known as " spad ," was first discovered by security researcher Claud Xiao in March this year. Till now, AdThief aka Spad malware has hijacked an estimated 22 million advertisements and stealing revenue from developers on the iOS jailbreak community, Axelle Apvrille says. The malware allegedly infects iOS jailbroken devices by disguising itself as Cydia Substrate extension, presents only on jailbroken Apple devices, when a malware infected Cydia package is downloaded and installed by the unsuspecting user. Once installed, the malware modifies certain advertisements displayed on your iOS devi
Cybersecurity Resources