Hyper-targeted attack against 13 iPhones dropped malicious apps via MDM

Enlarge / Messages like this one would have come up every time hackers pushed a modified app to their victims. But YOLO, apparently. (credit: Cisco Talos)

Cisco’s Talos, used the “BOptions” sideloading technique to modify versions of legitimate applications, including WhatsApp and Telegram. The initiative inserted additional libraries into the application packages, and the modified applications were then deployed to the 13 victim iPhones via the rogue mobile device management systems.

“The malicious code inserted into these apps is capable of collecting and exfiltrating information from the device, such as the phone number, serial number, location, contacts, user’s photos, SMS, and Telegram and WhatsApp chat messages,” wrote Talos researchers Warren Mercer, Paul Rascagneres, and Andrew Williams in a post on the attack. “Such information can be used to manipulate a victim or even use it for blackmail or bribery.”

Read 2 remaining paragraphs | Comments