Search This Blog

Showing posts with label iOS Malware. Show all posts

17 Trojan infested apps you need to delete from your iPhone right now!


Just like the ancient Greek story, where soldiers sneak into the gates of troy by hiding inside a wooden horse similarly Trojans sneak in your phone in the face of harmless apps that you voluntarily install. Apple users are being warned about such apps, to check their devices against a list of malware apps and delete them according to a report by Wandera.

Research team at Wandera, a software-as-a-service firm, has identified 17 apps that install malicious Trojan module on iOS devices. Apple says that the infected apps have been removed from the app store but after examination they found that the apps did not contain the claimed Trojan malware. Instead, the apps were removed because of being adware specifically called the "clicker Trojan malware" and included code that enabled artificial click-through of add and made it seem like you viewed an advertisement which is against App Store's guidelines. Apple further said that the protective tools of App Store have been updated to detect such apps.

 Below is the list of infected apps:

RTO Vehicle Information
EMI Calculator & Loan Planner
File Manager - Documents
Smart GPS Speedometer
CrickOne - Live Cricket Scores
Daily Fitness - Yoga Poses
FM Radio PRO - Internet Radio
My Train Info - IRCTC & PNR​ (not listed under developer profile)
Around Me Place Finder
Easy Contacts Backup Manager
Ramadan Times 2019
Pro Restaurant Finder - Find Food
BMI Calculator PRO - BMR Calc
Dual Accounts Pro
Video Editor - Mute Video
Islamic World PRO - Qibla
Smart Video Compressor

The developer of these is AppAspect Technologies, from India with apps for iOS as well as Android. Wandera said that on examining these apps, they didn't contain the clicker Trojan malware but they used too. Covington thinks it's a possibility that they used to contain Trojan but were pulled from the store, and republished after removing the Trojan module, perhaps the bust on Play store made them retreat and focus their attention on iOS.

According to Wandera, the Trojan not only performed adware but also steal information and data to send to external command or controller, create back-doors, performance degradation, battery drain and heavy bandwidth use. The fact that they published on App Store and remained undetected is alone a matter of concern. “We were amazed with this one,” Wandera VP Michael Covington said in a statement to Forbes. “We've seen a couple of issues creep into the Apple App Store over the last few months—and it always seems to be the network element.”

Apple stands it's ground that any such Trojan malware existed, saying there was no danger beyond ad click-through fraud. But the good news is, the problem is solved on deleting the apps and no remains are left behind. “There is no access to special frameworks that might have left something behind,” Covington explained.

Google Project Zero Discovers Malicious Website Exploits which Affected iPhone Users



Researchers at Google Project Zero discovered an attack against iOS users which is present in the form of a malware hidden in hacked websites.

The malware stealthily installs itself for the users surfing any of the hacked websites, which have a readership base of thousands.

Once the malware is installed, it makes the iPhone act as a clandestine spying device which traces the contacts, location and messages, allowing hackers to get an overview of the victim's life and habits.

The malware extends the collection of data up to the popular third party apps such as Gmail, Whatsapp and Google Maps; it is configured to steal files and upload live location data of the owner.

The hub of white hat hackers, Google's Project Zero Division, which excelled in discovering multiple bugs and vulnerabilities, said that these attacks are based in a series of hacked sites, that were said to be randomly disseminating malware to iOS users.

The particular series of attack stands out as most of the attacks are more targeted in scope, however these attacks affected people who happened to surf one of the hacked websites.

Explaining  the issue, Ian Beer from Project Zero, says, "Real users make risk decisions based on the public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you're being targeted. To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group.

"All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them."

iOS malware steals over 225,000 Apple accounts to create free App Utopia


Researcher from Palo Alto Networks, a computer security firm, have found out that hackers, who have targeting jail-broken iPhones, have raided more than 225,000 Apple accounts, using them for app buying sprees or to hold phones for ransom.

The jailbreak is a tool in iPhones to use additional iThing tweaks available through the alternative Cydia store, and for some to pirate software by installing ripped-off apps for free.

“In cooperation with WeipTech, we have identified 92 samples of a new iOS malware family in the wild. We have analyzed the samples to determine the author’s ultimate goal and have named this malware “KeyRaider”. We believe this to be the largest known Apple account theft caused by malware,” the researchers posted in a blog.

Claud Xiao, a researcher, said that the KeyRaider malware, hidden in jailbreaking utilities, is slurping login credentials and GUIDs from the user's iTunes data, and siphoning them off to remote servers.

"We believe this to be the largest known Apple account theft caused by malware," Xiao said. "The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device.”

He confirmed that the purpose of the attack was to make it possible for users of two iOS jailbreak tweaks to download applications from the official App Store and make in-app purchases without actually paying.

It is said that especially the people in China got affected but herald from 17 other countries including France, Russia, Japan, United Kingdom, United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea from the attack.

Similarly, some people said that they were being locked out of phones and forced to pay ransoms.


According to the researchers, the attack was discovered by a Yangzhou University student known as i_82 who worked with Xiao alongside a group. They exploited an SQL injection vulnerability on the bad guy's server to learn about the attack. They siphoned about half of the stolen accounts before the VXer became savvy and punted the white hats. They have now set up a website for users to check if they are impacted.