12 November 2014
iOS USERS have been warned of a major security flaw that could allow attackers to steal financial and personal information from app caches by masquerading as legitimate apps.
Called Masque Attack, the vulnerability was uncovered by security firm FireEye, which said that the malware exploits a flaw in the iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta enterprise provisioning features, making about 95 percent of devices vulnerable.
“Masque Attacks can replace authentic apps, such as banking and email apps, using the attacker’s malware through the internet,” said FireEye in a blog post about the Masque campaign.
“That means the attacker can steal a user’s banking credentials by replacing an authentic banking app with malware that has an identical UI.”
The malware can even access the original app’s local data, which is not removed when the original app is replaced.
This data may contain cached emails, or even log-in tokens which the malware can use to access the user’s account directly.
News of the Masque campaign follows the uncovering by Palo Alto Networks of similar malware called WireLurker. However, FireEye said that Masque Attack “can pose much bigger threats than WireLurker”.
FireEye design engineer Hui Xue explained that the attacks are targeted at this stage, but that the firm has seen evidence that the scope may increase in the near future.
“The attacks can be very targeted because, once launched, the malware can use iOS private APIs and even other exploits to read sensitive data on the iOS system and identify the user through data such as International Mobile Station Equipment Identity,” said Xue.
“The victim can be anyone who installs and launches the malware. We’ve seen proof that this has started to circulate. If not fixed properly, these attacks can become big threats.”
Xue added that FireEye contacted Apple about the problem in July and “as far as we know, they are working on a fix”.
FireEye recommended that users adopt temporary mitigations to protect themselves, including installing apps only from the Apple App Store and not clicking on web pop-ups.
FireEye advised that if iOS shows an ‘Untrusted App Developer’ alert when an app is opened, users should click on ‘Don’t Trust’ and uninstall the app as soon as possible.
Source – http://www.theinquirer.net/inquirer/news/2380636/masque-malware-is-putting-ipad-and-iphone-user-data-at-risk