
Apple ios 11.2
This blog post is authored by Warren Mercer, Paul Rascagneres and Andrew Williams.

Cisco Talos has identified a highly targeted campaign against 13 iPhones which appears to be focused on India. The attacker deployed an open-source mobile device management (MDM) system to control enrolled devices. At this time, we don't know how the attacker managed to enroll the targeted devices. Enrollment could be done through physical access to the devices, or most likely by using social engineering to entice a user to register. In social engineering attacks the victim is tricked into clicking accept or giving the attacker physical access to a device. This campaign is of note since the malware goes to great lengths to replace specific mobile apps for data interception. Talos has worked closely with Apple on countering this threat. Apple had already actioned 3 certificates associated with this actor when Talos reached out, and quickly moved to action the two others once Talos tied them to the threat.

An MDM is designed to deploy applications on enrolled devices. In this campaign we identified five applications that have been distributed by this system to the 13 targeted devices in India. Two of them appear to test the functionality of the device, one steals SMS message contents, and the remaining two report the location of the device and can exfiltrate various data. The attacker used the BOptions sideloading technique to add features to legitimate apps, including the messaging apps WhatsApp and Telegram, that were then deployed by the MDM onto the 13 targeted devices in India. The purpose of the BOptions sideloading technique is to inject a dynamic library in the application. The malicious code inserted into these apps is capable of collecting and exfiltrating information from the device, such as the phone number, serial number, location, contacts, user's photos, SMS and Telegram and WhatsApp chat messages. Such information can be used to manipulate a victim or even use it for blackmail or bribery.

The campaign targeted only a few select devices (13) that are all located in India. Thanks to the logs located on the MDM servers and the malware's command and control (C2) server, we were able to determine that the malware has been in use since August 2015.
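The BOptions sideloading technique described above works by injecting a dynamic library into a legitimate app. Dylib injection of this kind leaves a trace in the app's main Mach-O executable: an extra dylib load command (LC_LOAD_DYLIB or a variant) pointing at a library that is not a system library. The following is an added example, not code from the Talos post or from the campaign's tooling, that walks the load commands of a 64-bit Mach-O image and lists the dylibs it links, flagging any whose install name is outside the usual system prefixes. The system-prefix allowlist, the sample binary it builds in memory and the library name "injected.dylib" are all assumptions constructed for the demonstration; real apps legitimately embed their own frameworks under @rpath, so the flagged list is a review queue, not a verdict.

```python
import struct

# Mach-O constants (from <mach-o/loader.h>).
MH_MAGIC_64 = 0xFEEDFACF
MH_EXECUTE = 2
CPU_TYPE_ARM64 = 0x0100000C
LC_REQ_DYLD = 0x80000000
LC_LOAD_DYLIB = 0x0C
LC_LOAD_WEAK_DYLIB = 0x18 | LC_REQ_DYLD
LC_REEXPORT_DYLIB = 0x1F | LC_REQ_DYLD
LC_LAZY_LOAD_DYLIB = 0x20
LC_LOAD_UPWARD_DYLIB = 0x23 | LC_REQ_DYLD
DYLIB_CMDS = {LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB, LC_REEXPORT_DYLIB,
              LC_LAZY_LOAD_DYLIB, LC_LOAD_UPWARD_DYLIB}

# Assumed allowlist: anything that does not start with these prefixes is
# worth a closer look (embedded frameworks, @executable_path, @rpath, ...).
SYSTEM_PREFIXES = ("/usr/lib/", "/System/Library/")

HEADER_64_SIZE = 32   # mach_header_64 is 8 x uint32
DYLIB_CMD_SIZE = 24   # dylib_command: cmd, cmdsize, name offset, ts, cur, compat


def parse_load_commands(data):
    """Yield (cmd, raw_command_bytes) for a thin little-endian 64-bit Mach-O."""
    if len(data) < HEADER_64_SIZE:
        raise ValueError("file too short for a mach_header_64")
    magic, _cpu, _sub, _ftype, ncmds, sizeofcmds, _flags, _res = \
        struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin little-endian 64-bit Mach-O (fat/32-bit unsupported here)")
    off, end = HEADER_64_SIZE, HEADER_64_SIZE + sizeofcmds
    cmds = []
    for _ in range(ncmds):
        if off + 8 > len(data):
            raise ValueError("truncated load command table")
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        # Every load command must fit inside sizeofcmds and the file itself.
        if cmdsize < 8 or off + cmdsize > end or off + cmdsize > len(data):
            raise ValueError("malformed load command size")
        cmds.append((cmd, data[off:off + cmdsize]))
        off += cmdsize
    return cmds


def linked_dylibs(data):
    """Return the install names of every dylib the image links, in load order."""
    names = []
    for cmd, blob in parse_load_commands(data):
        if cmd not in DYLIB_CMDS:
            continue
        name_off = struct.unpack_from("<I", blob, 8)[0]   # dylib.name (lc_str)
        if not DYLIB_CMD_SIZE <= name_off < len(blob):
            raise ValueError("dylib name offset outside its load command")
        names.append(blob[name_off:].split(b"\0", 1)[0].decode("utf-8", "replace"))
    return names


def suspicious_dylibs(data):
    """Dylibs whose install name is not under a system prefix: review these."""
    return [n for n in linked_dylibs(data) if not n.startswith(SYSTEM_PREFIXES)]


# --- constructed sample binary (header + load commands only) -------------
def _dylib_cmd(cmd, name):
    raw = name.encode() + b"\0"
    pad = (-(DYLIB_CMD_SIZE + len(raw))) % 8        # 64-bit commands are 8-aligned
    body = raw + b"\0" * pad
    return struct.pack("<6I", cmd, DYLIB_CMD_SIZE + len(body),
                       DYLIB_CMD_SIZE, 2, 0x10000, 0x10000) + body


def build_sample(extra_dylib=None):
    """Build a minimal arm64 MH_EXECUTE header that links two system libraries,
    plus, optionally, one extra dylib standing in for an injected library."""
    cmds = [_dylib_cmd(LC_LOAD_DYLIB, "/usr/lib/libSystem.B.dylib"),
            _dylib_cmd(LC_LOAD_DYLIB, "/System/Library/Frameworks/UIKit.framework/UIKit")]
    if extra_dylib:
        cmds.append(_dylib_cmd(LC_LOAD_DYLIB, extra_dylib))
    body = b"".join(cmds)
    header = struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE,
                         len(cmds), len(body), 0, 0)
    return header + body


if __name__ == "__main__":
    clean = build_sample()
    patched = build_sample("@executable_path/Frameworks/injected.dylib")  # constructed name
    print("clean   :", suspicious_dylibs(clean))
    print("patched :", suspicious_dylibs(patched))
```

To run this against a real app, unzip the IPA, take the main executable under Payload/<App>.app/ and pass its bytes to suspicious_dylibs(); for a fat binary, slice out the arm64 architecture first (for example with lipo), since the parser above deliberately handles only a thin 64-bit image and raises on anything else rather than guessing. An injected library will also appear as a file inside the bundle and inside the re-signed bundle's code signature, so cross-check the flagged install names against the bundle contents and the signing identity, which is what ties a sideloaded app back to the enterprise or developer certificate used to deploy it.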