
Apple iOS Users Targeted by ‘Exodus’ Surveillance Malware

Cybersecurity researchers have uncovered an iOS version of a potent mobile phone surveillance app that initially targeted Android devices via apps in the official Google Play Store.

The iOS version of the spyware, dubbed Exodus, was discovered by security researchers at Lookout while they were analysing Android samples of the spyware found the previous year.

In contrast to its Android counterpart, the iOS version of Exodus has been distributed outside of the official App Store, primarily via phishing websites that impersonate Italian and Turkmen mobile carriers.

Since Apple prohibits the direct installation of apps outside of its official app store, the iOS version of Exodus is abusing the Apple Developer Enterprise program, which allows enterprises to distribute in-house apps directly to their employees without using the iOS App Store.

Each of the phishing sites contained links to a distribution manifest, which contained metadata such as the application’s name, version, icon, and the URL for the IPA file, according to a blog post by the researchers.

All of these packages utilized provisioning profiles with distribution certificates belonging to Connexxa S.R.L.
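The distribution mechanism described above hinges on an itms-services manifest: a plist listing the app's title, version, bundle identifier and the URL of the IPA. The following is an added example (not code from the article or from Lookout) showing how a defender can parse such a manifest and flag IPAs that are not served over HTTPS from an approved enterprise host; the manifest and the hostnames are constructed placeholders.

```python
import plistlib
from urllib.parse import urlparse

# Constructed sample of an itms-services distribution manifest; the host is a placeholder.
SAMPLE_MANIFEST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>items</key>
  <array>
    <dict>
      <key>assets</key>
      <array>
        <dict>
          <key>kind</key><string>software-package</string>
          <key>url</key><string>http://carrier-lookalike.example/app.ipa</string>
        </dict>
      </array>
      <key>metadata</key>
      <dict>
        <key>bundle-identifier</key><string>com.example.assistant</string>
        <key>bundle-version</key><string>1.0</string>
        <key>title</key><string>Carrier Assistant</string>
      </dict>
    </dict>
  </array>
</dict>
</plist>"""

def parse_manifest(data):
    # Pull the name, version, bundle id and IPA URL out of every item in the manifest.
    items = []
    for item in plistlib.loads(data).get("items", []):
        meta = item.get("metadata", {})
        ipa = next((a.get("url") for a in item.get("assets", [])
                    if a.get("kind") == "software-package"), None)
        items.append({"title": meta.get("title"), "version": meta.get("bundle-version"),
                      "bundle_id": meta.get("bundle-identifier"), "ipa_url": ipa})
    return items

def triage(data, trusted_hosts):
    # Flag IPAs that are not fetched over HTTPS from an approved enterprise distribution host.
    findings = []
    for item in parse_manifest(data):
        url = urlparse(item["ipa_url"] or "")
        if url.scheme != "https":
            findings.append((item["bundle_id"], "IPA not served over HTTPS"))
        if url.hostname not in trusted_hosts:
            findings.append((item["bundle_id"], f"unapproved IPA host {url.hostname}"))
    return findings
```

In practice the trusted-host set would be the organisation's own enterprise distribution domain, so a manifest harvested from a lookalike carrier site yields findings immediately.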

Even though the iOS variant is less sophisticated than its Android counterpart, the spyware is still capable of exfiltrating information from compromised iPhones, including contacts, audio recordings, photos, videos, GPS location, and device information.

The data is then exfiltrated via HTTP PUT requests to an endpoint on an attacker-controlled command-and-control (C2) server; the iOS variant uses the same C2 infrastructure and communication protocols as the Android version.

Several technical details suggested that Exodus was the “likely result of a well-funded development effort” and was designed to target the government or law enforcement sectors.

These included the use of certificate pinning and public key encryption for C2 communications, geo-restrictions imposed by the C2 when delivering the second stage, and a comprehensive and well-implemented suite of surveillance features, according to the researchers.

Exodus was created by an Italian company known as Connexxa S.R.L. It came to light at the end of last month when white hat hackers from Security Without Borders discovered nearly 25 apps masquerading as service applications on Google Play Store, which the tech giant promptly removed after being notified.

Exodus for Android, which has been in development for at least five years, typically consists of three distinct phases. Initially, a small dropper collects basic identifying information, such as the IMEI and phone number, from the targeted device.

The second stage consists of multiple binary packages that deploy a well-implemented suite of surveillance capabilities.

The final stage uses the infamous DirtyCOW exploit (CVE-2016-5195) to gain root access to infected mobile devices. Once successfully installed, Exodus is capable of conducting extensive surveillance.

The Android variant is also designed to continue running on infected devices with the screen off.

While the Android version of Exodus had potentially infected “several hundred, if not a thousand or more” devices, the number of iPhones infected by the iOS variant is unknown.

Apple revoked the enterprise certificate after being notified of the spyware by the Lookout researchers, preventing malicious apps from being installed on new iPhones and executed on infected devices.

This is the second time an Italian software company has been caught distributing spyware in the past year. A previously undisclosed Italian company was discovered distributing “Skygofree,” a dangerous Android spying tool that grants remote control of infected devices to hackers.


The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.
