An application is capable of spying on your messages and location on iPhone
Table of contents:
We know that a new Android virus is created approximately every seven seconds. But the truth is that iOS users are not free from being plagued by a malware threat.
Now a group of security researchers from the firm Lookout have revealed that there is a powerful application like can act as a surveillance system on iPhoneThis would be a tool that, although it was designed for Android, could now function as an attack system for iOS devices.
The spy app was created by a developer who took advantage of Apple-issued enterprise certificates to bypass the company's own controls in its app store and from there, infect victims' devices
How does the application work once installed?
Once Apple's controls are passed, the application is installed on the device and begins to do its thing. Some of the outrages it commits while at the heart of the phone is accessing the list of contacts, make audio recordings, photos, videos and access much more data of the victim's device, including real-time location data.
The app can also activate a recorder remotely, so the cybercriminals behind this spy app can also listen in on people's conversations .
At the moment there is no information on what type of users could have been affected by this threat. All that is known is that downloads have been made from fake sites from Italy or Turkmenistan.
There was already an application for Android
Researchers have found a link between this iOS app and a previously discovered Android app created by an Italian developer of surveillance applications called Connexxa.
The application was called Exodus and was available for Android. By the time it was fully active, reached hundreds of victims, who installed it on their devices and were thus infected The application was capable of completely opening the doors to computer information cybercriminals: we mean full data access to the device, such as emails, mobile data, WiFi passwords, etc.
There are certain indicators that reveal that the person behind the creation of this application would be a professional group. Both applications used the same backend infrastructure and the iOS one was built using different techniques, such as certificate fixing, to make it difficult to analyze traffic In the net.
The Android application could be downloaded directly from the official store, the Google Play Store. In contrast, the iOS version was not distributed as widely.
Apple has explained that what this application has done is violate the rules of its own service, since these prohibit it from certificates designed to be used in internal applications are sent to consumers. However, these were not the first to do this.
Companies such as Facebook or Google have already been reported previously for having used certificates for companies to sign applications that ultimately reached consumers .
