An iOS app that targets contacts, audio recordings, photos and videos, and other personal data stored on mobile phones, has been detected by tech experts.
The number of people who have fallen victim to the malicious spyware is yet unknown. However, the nature of the app has been identified as mirroring the infrastructure of Exodus, an Android spyware platform downloaded by users from the Google Play Store.
Disguised as service applications, the reported iOS malicious app, much like Exodus, aims to collect, extract and send on the information about a user's device and data.
The iOS app also uses certificate pinning, to mask its network traffic, making it difficult to study. Attackers were reported to set up phishing traps, sending users to allegedly legitimate websites — mobile telecom companies Wind Tre SpA (from Italy) and TMCell (of Turkmenistan) — where they would ultimately download the app.
Exodus is allegedly capable of exposing infected devices to further compromise or data tampering. The mobile apps containing Exodus may stay on Google Play Store for months at a time, and be re-uploaded if removed. Both Exodus and its iOS version have been blocked by the respective play stores.
However, experts remain vigilant in their cautions against phishing links and downloading apps from sources other than official Google and Apple app stores.
