Researchers at the security firm Lookout recently found that Exodus spyware which generally targeted the Android devices is now making an entry into the iOS devices as well. According to the reports, the spyware exploitation has been only found in the third-party app stores. So, you can exhale a sigh of relief if you have never installed an app from the third party app stores. While the malware is expected to be a critical bug to spy on your confidential documents and images, it hasn’t been able to perforate the thick wall of Apple’s official app store.
According to the Lookout team, Exodus was found on many phishing sites and it was not restricted to Androids only. The iOS version of the spyware was designed users in Italy and Turkmenistan. When installed on a device, the software is able to retrieve possible information on the device and can steal valuable resources such as contacts, photos, videos, audio recordings, and device location. It is speculated that the attacker will be able to perform on demand audio recording to record valuable information like your debit card PIN, password, etc.
The exodus attacks
The first sight of the iOS variant in the mobile carriers was found to be uploading stolen data and information to a server which was previously used by the Android version of the malware, indicating a connection between the attacks.
It has been found that the exodus attack used Apple signed enterprise certificates which made it possible for the victims to install an app even from outside the App Store. Apple has, however, revoked the certificates barring the attackers to enter other iOS devices. Furthermore, it should be noted that no iOS device is perfectly immune to malware attacks and it is required for the users to cling to Apple’s official App Store to avoid falling prey to such nuances.