
Surprise! Even iPhones are Vulnerable to Malware

Apple has strong security, which is why users ask whether Apple devices can get a virus at all.  (See our post about tech support scams.)  Since the iPhone came out in 2007, Apple’s locked-down operating system has kept iOS devices largely free of malware.  For security, Apple has always warned against jailbreaking iPhones.  “Jailbreaking” is the practice of modifying a phone to “break out” of the software restrictions imposed by iOS, Apple’s operating system; a jailbroken device can install apps from outside the App Store and gives up some of the protections that keep malicious code out.  Until recently, iPhones that had been jailbroken were essentially the only ones at risk.

This changed in 2014.  If you think that an iPhone can’t get infected with a virus, think again.  These are the recent iOS malware incidents.


Beginning in April 2014, attackers succeeded for the first time at infecting non-jailbroken iPhones with malware.  WireLurker first infected Mac OS X (laptop or desktop) computers whose owners had installed apps from a Chinese third-party app store called Maiyadi.  Then, when an iPad or iPhone was connected to that Mac with a USB cable, the malware pushed a malicious app onto the mobile device over the same USB connection iTunes uses for syncing, with no action from the user.  It targeted Chinese Apple users and collected device information, iMessages, and address books, sending them to a remote server.  There are no visible symptoms of this malware on the device.  Apple responded to the threat within 24 hours and released updates to block WireLurker.


In September 2014, researchers uncovered the first cross-platform malware seen targeting jailbroken iOS devices.  This malware originally targeted Android devices.  The mobile remote access Trojan (mRAT), named Xsser, was sent as an anonymous WhatsApp message to protesters in Hong Kong.  Users were tricked into downloading it; acting as a Trojan horse, it ran in the background and sent personal data to remote servers.  It stole passwords, SMS text messages, call logs, photos, address books, GPS locations and other data from Apple mobile devices.  Reports at the time claimed it stayed active even when the iPhone or iPad appeared to be switched off.  The victims all had one thing in common: they had downloaded and installed an app from somewhere other than the official Apple App Store.

Malicious Apps

In 2015, some 225,000 jailbroken devices were compromised in a single campaign, affecting users in 18 countries, including China.  Also in 2015, iOS users who had not jailbroken their devices and had only installed apps from the official App Store (as Apple instructs) were hit by malicious apps as well.

That year, Apple discovered and removed 39 apps from its official App Store that had malware built into them.  Before this, only five malware-infected apps had ever gotten past Apple’s review into the App Store, a tiny fraction of the more than 1.5 million apps in the store.  The apps had been compiled with a counterfeit version of Apple’s Xcode development tool, dubbed XcodeGhost, which silently inserted malicious code into every app built with it, so the developers themselves did not know their apps were infected.  The compromised software included stock-trading and banking apps, as well as an older version of WeChat, a messaging app with over 500 million monthly users.  The malware sent usernames and passwords to its command server.  Again the attack was aimed at China, but this time at app developers, who downloaded Xcode from unofficial local sites because they were faster than Apple’s official U.S. servers, and got a tampered copy.  Apple responded not only by removing the tainted apps, but also by adding servers in China so that the genuine Xcode is easier for Chinese developers to download.
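Because XcodeGhost got in through the build tool rather than through the apps, the practical check for a developer is on the toolchain itself: confirm that the copy of Xcode you downloaded is byte-for-byte what Apple ships, and that the installed app still carries Apple’s signature.  The script below is an added example, not code from the original post or from Apple.  It assumes the caller already has a SHA-256 digest of the genuine download obtained over a trusted channel (a value your team pins, not something the mirror tells you), and on a Mac it runs the Gatekeeper assessment Apple recommended after XcodeGhost.  The file paths and digests are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a developer toolchain
# download is the genuine article before building with it. Assumptions: the
# expected SHA-256 digest is supplied by the caller from a trusted source, and
# "spctl" (Gatekeeper) is only available on macOS.

# Portable SHA-256 of a file: sha256sum on Linux, shasum on macOS.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_download FILE EXPECTED_SHA256
# Returns 0 when the file's digest matches the pinned value, 1 otherwise.
# Digests are compared case-insensitively because published values are
# sometimes printed in upper case.
verify_download() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -f "$file" ]; then
        echo "verify_download: no such file: $file" >&2
        return 1
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches pinned SHA-256"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# check_xcode_signature [APP_PATH]
# On macOS, asks Gatekeeper whether the installed Xcode is signed by Apple.
# Apple's post-XcodeGhost guidance was to run exactly this command and expect
# "accepted" with source=Apple or source=Mac App Store; a tampered copy is
# rejected. Returns 2 when spctl is unavailable (non-macOS host) so a caller
# can tell "not checked" apart from "failed".
check_xcode_signature() {
    app=${1:-/Applications/Xcode.app}
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not available on this host; skipping Gatekeeper check" >&2
        return 2
    fi
    out=$(spctl --assess --verbose "$app" 2>&1)
    echo "$out"
    case "$out" in
        *accepted*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: sh verify-toolchain.sh <downloaded-archive> <pinned-sha256>
# Only verifies when both arguments are given, so the functions above can be
# sourced from another script without side effects.
if [ $# -eq 2 ]; then
    verify_download "$1" "$2" && check_xcode_signature
fi
```

The digest check only helps if the expected value did not come from the same untrusted mirror as the download; record it from a download made over HTTPS from Apple, or from the Mac App Store copy, and keep it with your build documentation.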


In October 2015, the security firm Palo Alto Networks reported a strain of malware called YiSpecter that can infect even devices that are not jailbroken.  The malware, which had been in the wild for more than 10 months, was the first seen abusing private iOS APIs (interfaces Apple reserves for its own software and does not allow App Store apps to call) to carry out malicious activities.  It primarily affected iOS users in mainland China and Taiwan.

YiSpecter can “download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to the C2 server…  Even if you manually delete the malware, it will automatically re-appear.”  It is installed through several methods, including hijacking traffic at the ISP level, a worm on Windows, and offline app installation.  It is spread mainly as an imitation of QVOD, a video streaming app, and users are lured into installing it with promises of porn and free movies.

Apple addressed this malware in iOS 8.4 and blocked the identified apps that distributed it.  In an official statement, Apple said that YiSpecter only affects “users on older versions of iOS who have also downloaded malware from untrusted sources.”

What the future may bring

Apple continues to protect iOS devices from malware.  As attackers try to infect iOS, Apple responds to each attack with security updates.  iOS 9, the newest version, fixes 101 security bugs and vulnerabilities.

To protect your iPhone or iPad, update to the newest version of iOS, install every security update, and install apps only from the official App Store.

This advice applies to all technology.  Security updates are released to protect you and your network.  Big Idea Technology installs security updates for our clients and makes sure the updates work with their software applications.  Call us to learn what to do to keep your network secure.