iPhone hacking sites were also after Android, Windows users

Those hackers Google’s researchers sussed out earlier this week apparently went after more than just iPhone users. Microsoft’s operating system along with Google’s own were also targeted, according to Forbes, in what some reports are calling a possibly state-backed effort to spy on the Uighur ethnic group in China.

Google’s Threat Analysis Group was the first to discover the scheme earlier this year (news of the campaign was first disclosed Thursday). It involved a small group of websites aiming to infect visitors’ devices to gain access to their private information, including live location data and encrypted information on apps like WhatsApp, iMessage, and Telegram. These websites were up for two years, during which thousands of visitors purportedly accessed them each week.

In February, Google notified Apple of 14 vulnerabilities the site’s malware exploited, which the company fixed within days with iOS 12.1.4. Apple disclosed in that update that the flaws, referred to as “memory corruption” issues, were fixed with “improved input validation.” The company hasn’t publicly addressed Google’s account of the hack since the news broke earlier this week.

While the Google team only reported iPhone users being targeted by this attack, sources familiar with the matter told Forbes that devices using Google and Microsoft operating systems were also targeted by these same sites, widening the potential scale of an already unprecedented attack.

Whether Google found or shared evidence of this is unclear, as is whether the attackers used the same method of attack as they did with iPhone users, which involved attempting to sneak malicious code onto users’ phones upon their visit to the infected websites. When asked about these reported developments, a Google spokesperson said the company had no new information to disclose. We also reached out to Microsoft and will update this article with their statements.

Google Project Zero Discovers Malicious Website Exploits which Affected iPhone Users

Researchers at Google Project Zero discovered an attack against iOS users that takes the form of malware hidden in hacked websites.

The malware stealthily installs itself on the devices of users surfing any of the hacked websites, which have a readership base of thousands.

Once the malware is installed, it makes the iPhone act as a clandestine spying device which traces the contacts, location and messages, allowing hackers to get an overview of the victim's life and habits.

The malware extends its data collection to popular third-party apps such as Gmail, WhatsApp and Google Maps; it is configured to steal files and upload live location data of the owner.

Google's Project Zero division, a hub of white-hat hackers that has excelled in discovering multiple bugs and vulnerabilities, said that these attacks were based on a series of hacked sites that were randomly disseminating malware to iOS users.

This particular series of attacks stands out because most attacks are more targeted in scope, whereas these affected anyone who happened to surf one of the hacked websites.

Explaining the issue, Ian Beer from Project Zero says, "Real users make risk decisions based on the public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you're being targeted. To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group.

"All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them."

Find & Call: malicious iPhone App Found in Apple's iTunes Store

The recent report from Kaspersky on a malicious iPhone app spread like wildfire on the Internet. Security experts were debating after Kaspersky Lab's Denis Maslennikov said that a Trojan horse - malicious software that pretends to be something innocuous - had gotten past Apple's famously tough App Store vetting process, which has never before let in real malware.

"The application is called 'Find and Call' and can be found in both the iOS Apple App Store and Android’s Google Play," Maslennikov wrote in a blog posting.

Find and Call, made by a Russian firm, claims to be an app that lets you make phone calls by simply typing in or clicking a contact's email address or social-network handle — admittedly a useful idea.

"In order to call somebody from your mobile phone, you can use an email address, a domain name, a profile address in a social network, etc., instead of a phone number just as easily," states the Find and Call official website.

But Maslennikov said Find and Call also copies a user's entire address book to its own servers, and sends out spam text messages to everyone in the address book imploring them to also install the app.

Screenshots of complaints by angry Russian users in the iOS App Store and Google Play, and Maslennikov's own screenshots of code within the app, support his assertion.

Nowhere in Find and Call's terms of use does it say that the app will copy your address book or send out text messages to your friends, Maslennikov said.

An email from Find and Call support staff to the Russian site stated that the sending of "inviting SMS messages" was a "bug in process of fixing."

Sophos Labs' Vanja Svajcer had doubts about whether this behavior really was malicious, or just annoying.

"I'm not sure I 100 percent agree with Kaspersky that it is malware," Svajcer wrote on Sophos' Naked Security blog. "It would probably be more accurate to say that the 'Find and Call' app is 'spammy.'"

Both Google and Apple have removed the app from their websites.

According to a Softpedia report, Find and Call's creators have contacted them and said that the app is still in "beta-testing." The fact that SMSs are sent out to all the contacts is allegedly just a bug.