Security researchers at FireEye, who first discovered the iOS “Masque Attack,” have determined that it is currently being used by hackers. Masque Attack is an iOS vulnerability that allows a legitimate app to be replaced by a compromised version of the same app, provided that their app bundle identifiers match. We’ll again start with the good news: you shouldn’t have to worry too much about this malware, as the bundle identifier exploit has been almost completely patched by Apple in iOS version 8.1.3 and can be avoided entirely by only downloading apps and games from iTunes.
The hackers taking advantage of this exploit aren’t being too coy about it though. They’ve manipulated and re-distributed some of the most popular apps available on iOS to spread their malware. Apps such as WhatsApp, Twitter, Facebook, Facebook Messenger, WeChat, Google Chrome, Skype, and others have been re-compiled in ways that would allow the hackers to access all aspects of the target’s phone. FireEye outlines how, upon install, the compromised app will immediately request app permissions in rapid succession.
While it’s possible for iOS apps to re-request permissions periodically, they typically request a permission when it is actually used, and not one after another as the compromised apps do. As is often the case, simply looking for something that seems out of the ordinary like this could save you potential headaches in the future.
I mentioned that the bundle identifier exploit was “almost completely” patched in iOS 8.1.3 because hackers will almost always adjust their tactics when one exploit has been closed. In this case, a random bundle identifier can be used, which FireEye says changes the type of attack to an “Enpublic attack” rather than “Masque attack.”
The real takeaway from all of this is that the cat and mouse game of technology companies versus hackers doesn’t seem to be showing any signs of slowing down. Still, by keeping your iPhone updated with the newest version of iOS and only downloading apps and games through the App Store, you should, at this point, stay relatively safe. At least until hackers figure out a way to infiltrate iTunes. I probably shouldn’t give them any ideas.