Hackers infect government iPhones, the defense department and media
February 5, 2015
Hackers, potentially from Russia, are infecting iPhones linked to the government, defence and media sectors with dangerous spy malware capable of breaching non-jailbroken devices, internet security researchers said earlier today.
The X-Agent malware, unveiled in 2014 as part of attacks against Windows devices, has moved to Apple's iOS, targeting iOS 7 and, to a lesser effect, iOS 8.
About 23.4 percent of Apple users still run iOS 7 on their iPhones. Trend Micro threat researchers Lambert Sun, Brooks Hong and Feike Hacquebord recently said that the malware could monitor and siphon media, directories and text messages to remote servers, then capture photos and also audio on jailbroken devices.
"Make no mistake: the X-Agent app is fully functional malware and can cause you a lot of security issues," the trio said in a research brief.
"However, the exact methods of installing this malware are still unknown, but we do know that the iOS device doesn't have to be jailbroken. We have seen one instance wherein a lure involving X-Agent simply says 'tap here to install the application'."
That attack relied on Apple's ad hoc provisioning, which app developers use to enable installation with a link.
In attacks against iOS 7 devices, the malware quietly restarted when closed and remained invisible to the user as a background process.
It fared far worse on iOS 8, where it had to be manually started on reboot by victims and could not hide.
Researchers said the malware appeared to be carefully maintained and consistently updated. XAgent was tied to a campaign dubbed Operation Pawn Storm, which targeted anti-Russian actors linked to the Ukraine conflict and used 'typo-squatting' and phishing techniques to compromise high-profile victims.
The command and control server used in the attacks was in operation at the time of research, and many say that it uses IP spoofing and that the server is located in Russia.
It's a well-known fact that Russia is a near paradise for hackers, since 2013 when the country welcomed NSA's leaker-turned-spy Edward Snowden. Still living in Russia, Snowden has near diplomatic immunity from Vladimir Putin.
It will be interesting to see if in the next few years Snowden's status will change. Several experts close to the matter think nothing will change, and that Russia will continue to defend Snowden.
On August 1, 2013, Edward Snowden was granted temporary asylum in Russia, and that has greatly increased tensions between the United States and Russia.
Vladimir Putin's decision to grant the former CIA technician political asylum has allowed the 32-year-old individual to leave the transit area of Moscow's Sheremetyevo airport, where he had been stuck in limbo for several weeks following his flight from Hong Kong on June 23, 2013.
Source: Trend Micro.