
iOS 8 malware can snoop on messages, photos & location data

iOS spyware can access users' text messages, photos and contact lists

Spyware targeting iOS 7 and iOS 8 devices has been uncovered by security firm Trend Micro, which claims it could be used to steal users' text messages, photos and contact data.

The surveillance software is one of a number of tools used by members of Operation Pawn Storm, an ongoing cyber-espionage project targeting government, military and media organisations.

"The actors of Pawn Storm tend to first move a lot of pawns in the hopes they come close to their actual, high-profile targets," the company said in a blog post.

"When they finally successfully infect [one], they might decide to move their next pawn forward: advanced espionage malware."

The spyware highlighted by Trend Micro falls into the latter category, and tends to be installed on devices that have already been compromised. It takes the form of two malicious applications: XAgent (detected as IOS_XAGENT.A) and one that uses the name of a legitimate iOS game, MadCap (detected as IOS_XAGENT.B).

Their aim is to spy on the activities of iOS device users and, in the process, steal their personal data, take screenshots, record audio and pass this data on to a command-and-control (C&C) server.

While the spyware works on iOS 7 and iOS 8 devices, its modus operandi depends on the operating system being used.

"After being installed on iOS 7, the app's icon is hidden and it runs in the background immediately. When we try to terminate it by killing the process, it will restart almost immediately.

"Installing the malware into an iOS 8 device yields different results. The icon is not hidden and it also cannot restart automatically. This suggests that malware was designed prior to the release of iOS 8 last September."

Interestingly, iOS devices do not need to be jailbroken in order to fall victim to this malware, Trend Micro added, and infection could be caused by connecting them to another compromised piece of hardware.

"One possible scenario is infecting an iPhone after connecting it to a compromised or infected Windows laptop via a USB cable," the blog post concluded. 
