iOS Version of Exodus Android Spyware Doing the Rounds
Security researchers have discovered a dangerous iOS spyware strain that was seen earlier this year on the official Google Play Store.
Exodus is the name of the spyware and it was developed by Connexxa, the Italian app maker known to provide surveillance tools to Italian authorities.
Security researchers found that the iOS version is less sophisticated than the Android variant, and has not yet been distributed via the official Apple App Store.
Exodus variant was discovered in March 2019
Exodus variant was discovered last month when researchers found spyware hidden inside an app uploaded to the Play Store. The malware targeted the customers of a local Italian internet service provider (ISP).
They said the spyware possessed an advanced set of spying features, which allowed the attackers to have complete control of the devices.
The researcher at SWB said, “The malware detected nearly 25 different Exodus-infected apps that had been uploaded on the Play Store over the last two years.”
Exodus iOS version is less sophisticated
Adam Bauer, researcher, Lookout security in a report said: “it discovered an iOS variant of this, spyware, during their analysis of Exodus samples they’ve found last year.” In research published at the Kaspersky Security Analyst Summit conference, the team at Lookout said “Analysis of these Android samples led to the discovery of infrastructure that contained several samples of an iOS port. The iOS version was being offered for download through phishing sites that imitated Italian and Turkmenistani mobile carriers,” said Bauer.
The infected iOS apps were signed with Apple-issued enterprise certificates, which allowed victims to install malicious apps, even from outside the App Store. Apple eventually revoked these certificates.
The iOS variant was a newer project, and was far less sophisticated, compared to the Android version, said Bauer. He added how that the Android version was under development for at least five years.
However, the iOS version was nowhere near as intrusive as the Android variant. All it could do is to collect and steal photos, contacts, videos, device location, and GPS information. Otherwise, it did not have the same level of control of infected devices like the Android variant.
The only similarity can be attributed to the fact that the links between the iOS variant were on the same server infrastructure as payloads used by the Android version. Both Android and iOS variant used a similar protocol and uploaded stolen data to the same exfiltration server.
Julia Sowells923 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.