Security researchers dealt another blow to confidence in mobile security this week, announcing that they had discovered spyware specifically designed to compromise iOS devices and use the information stored on them to conduct espionage.
Analysts from security firm Trend Micro found the malicious software during an investigation into an ongoing cyber espionage operation targeting military, governmental and defense industry organizations. Other tools in this campaign include phishing schemes and malicious iframes hiding on legitimate websites. The researchers noted that while any malware targeting Apple operating systems is of consequence, this piece of software is especially worrisome because it is involved in a targeted attack.
The spyware, known as XAgent, is used to steal saved data, take screenshots and record audio, then send what it collects to a remote command-and-control server. According to researchers, the server was still operational as recently as this week. Once the malware is installed on an iOS 7 device, it immediately runs in the background while hiding its icon. When analysts attempted to terminate XAgent by killing the process, it was able to restart itself almost immediately. Researchers did note that the program was more easily contained on devices running iOS 8, suggesting that it was created prior to the operating system's release last September.
According to the Trend Micro report, a specific method of installing XAgent hasn't been found yet, so it could be lurking in a variety of places. The company suggested that it might infect phones after they have been connected to a compromised or infected Windows laptop through a USB cable.
Cyber espionage a growing threat to enterprises
The malware is capable of a variety of espionage activities, including collecting text messages, downloading contact lists, recording geo-location data, initiating voice recordings and accessing Wi-Fi status and lists of processes. Researchers noted that while a variant of the malware that focuses on recording audio can only be used on jailbroken devices, this version of XAgent can be used on any type of machine running iOS.
A rapidly growing number of enterprises are providing their employees with access to bring-your-own-device programs, opening themselves up to a wider variety of cyberattacks and increasing the risk of data breach. With the threat toward mobile security increasing, it has never been more important for organizations to implement strong threat detection and network monitoring services. Traditional firewalls and prevention techniques can let modern sophisticated malware slip through the cracks, allowing networks to remain infected for weeks or months before the intrusion is detected. By utilizing constant monitoring, organizations are able to keep track of the activity on their networks and identify any suspicious behavior that may suggest malicious actions. Threat information is collected and analyzed to provide a more comprehensive view of the risks facing a company so that it can create a more effective defense solution.
Cybersecurity news and analysis brought to you by ArcticWolf, inventors of firebreak detection and response security services. Firebreak, when your firewall fails.