Researchers have revealed that a spyware app previously found to target Android devices has also been pursuing iPhone users. On April 8, mobile security firm Lookout announced that an iOS version of the spyware known as Exodus had been made available to iPhone users through phishing sites that imitated Italian and Turkmen mobile carriers.
These sites would direct unsuspecting victims to download an app disguised as a mobile carrier support tool. The app was then able to extract contacts, audio recordings, photos, locations and more from devices.
“Though different versions of the app vary in structure, malicious code was initialised at application launch without the user’s knowledge, and a number of timers were set up to gather and upload data periodically,” said Adam Bauer, a senior security intelligence engineer at Lookout.
The Android apps, which were uncovered in March, were subsequently removed from the Google Play Store, but not before being downloaded hundreds of times. According to an investigation by the non-profit Security Without Borders, the apps were capable of gaining root access once installed onto devices, allowing the spyware to extract data from messaging apps, read emails, take pictures and reveal Wi-Fi passwords.
One difference between the Android and iOS cases was that while hackers were able to put their Android apps straight into the Google Play Store, they needed to use the Apple Developer Enterprise Programme to bypass Apple’s tightly controlled App Store. Apple has now revoked the enterprise certificates, meaning the app can no longer be installed on iOS devices and existing installations will not run.
However, this is only the latest in a string of controversies surrounding Apple’s enterprise certificates. In February, an investigation by Reuters found that software pirates were distributing hacked versions of popular apps through the certificates. Before that, TechCrunch reported that Facebook was distributing an app to teenagers that would extract their data in exchange for $20 gift cards.
While Apple previously told Reuters that it would crack down on developers abusing its enterprise certificates, it is clear there is still some cleaning up to do.