iOS Malware ‘Xsser mRAT’ Targets Jailbroken iOS Devices
Posted on October 1st, 2014 by Derek Erwin
iOS Malware Targeting Jailbroken iPhones
It’s the big security news of the day. Security researchers have uncovered new iOS malware, called Xsser mRAT, which specifically targets iOS devices, and was originally targeted at Android devices.
The cross-platform attack involves both iOS and Android, targeting Hong Kong protesters, according to reports.
Lacoon Mobile Security discovered the malware while investigating similar malware for Google’s Android operating system that also targets Hong Kong protesters, and they have dubbed Xsser mRAT the "first and most advanced, fully operational Chinese iOS trojan found to date."
But should iOS users be running to the hills in panic over Xsser mRAT?
For the majority of iOS users, your iPhone or iPad is simply not at risk of infection, because the Xsser mRAT can only be installed on jailbroken iOS devices.
What we know about Xsser mRAT
The exact way Xsser malware ended up on iOS devices has yet to be uncovered, although it is likely to have been spread as a fake app pretending to help Hong Kong protesters meet.
Xsser mRAT is a trojan, which means it requires installation of an infected package containing the malware to be installed on jailbroken iOS devices.
Xsser mRAT installation process
Image credit: Lacoon
If installed, the trojan can operate in the background of a victims’ phone, and contents of the targeted device are sent to remote servers that appear to be controlled by a foreign government or organization. Xsser mRAT can steal SMS messages, call logs, location data, photos, address books, data from the Chinese messaging application Tencent and passwords from the iOS keychain, wrote Lacoon.
Even if the victim turns off their iPhone or iPad, the malware is not disabled, and researchers say that it reboots on start-up, as well as updating and sending back information automatically.
The full extent of how Xsser mRAT is being used is currently unknown. It is also unclear how the Xsser trojan would get onto a jailbroken iPhone, because at the moment the only known way for a victim to get the malware is to manually add the trojan’s source repository in Cydia, the jailbreak alternative to the App Store. If it is already in other packages as a trojan, it has yet to be identified.
How to protect yourself
One of the key benefits of running iOS instead of Android is the secure design of iOS. Purchasing an iPhone and jailbreaking it eliminates this major benefit, and it isn’t much different than running a Windows computer with no security software installed. Therefore, the most surefire method of protection is to not jailbreak your iPhone or iPad.
We have stressed this in the past, and now is a better time than ever to remind you: if you want to stop government spyware, don’t jailbreak your iPhone! And if you’re considering doing so, you should proceed with extreme caution. An iPhone that isn’t jailbroken is the safest way to prevent iOS malware infection.
If you have already jailbroken your iPhone, you have effectively taken out much of the security that Apple built into iOS in the first place, to protect users from nastiness and misbehaving apps. (Which leads us to ponder, if you’re going to jailbreak your iPhone, why did you bother getting one?)
Do you install apps that were not received from the App Store? If you think it is worth the risk, you should be super-careful about where you download and install applications. Just because an app claims to be one thing doesn’t mean it’s not another.
This entry was posted in Malware and tagged iOS, iOS Devices, iOS malware, iPad, iPhone, jailbreak, jailbroken, Xsser mRAT. Bookmark the permalink.
If You Care About Security, Throw Away Your iPhone 4 Right Now
Posted on September 23rd, 2014 by Graham Cluley
Throw your iPhone 4 in the bin
With the release of iOS 8—perfectly timed with the launch of the iPhone 6 and the trouser-bulging iPhone 6 Plus—Apple has continued its long and proud tradition of essentially forcing you to throw out your old iPhone and buy a new one.
Why do I say that? Because iOS 8, the latest version of their mobile operating system, is packed with security fixes – none of which are coming to iOS 7.
And, sadly, if you are still using an iPhone 4, iOS 8 is simply unavailable to you. iOS 7 is the end of the road as far as you are concerned.
Which means you have a choice.
You can either buy a more recent model of the iPhone (and upgrade it to iOS 8 if it isn't already pre-installed), switch to an Android (I can hear you gagging already…), or stick with your once proud iPhone 4 running iOS 7 and run the gauntlet of being exploited by the myriad of threats which will never get patched.
To be honest, none of these are terribly attractive options.
Why not buy a more recent iPhone?
Your iPhone 4 has probably served you well for years as a mobile phone, and allows you to browse the web and perform any number of functions without difficulty. Its battery may be getting a little long in the tooth and not last as long as it once did (the lack of replaceable batteries could be argued to be another way in which Apple builds obsolescence into its devices), but there are workarounds for that to keep you topped up during the course of the day.
Buying a newer iPhone just to keep it secure from vulnerabilities is a costly option for those with tight budgets. And tough luck if you actually *liked* the iPhone 4 because of its smaller size, compared to the later iPhone 5, the beefier iPhone 6 and the palm-stretching colossus that is the iPhone 6 Plus.
Why not buy an Android?
Switching to Android isn't going to be attractive to many either. After all, you've invested in the Apple ecosystem by making app purchases, and learnt how the iOS operating system works. You may have been turned off by Android in the first place by the significantly larger malware threat affecting the platform.
Furthermore, and thanks to Jon Ribbens on Twitter for reminding me of this, it's not as though many Android devices don't have their own fair share of problems when it comes to receiving OS updates.
Why not stick with what you've got?
Which leaves, of course, sticking with your iPhone 4 running iOS 7. That would be fine if so many security vulnerabilities in iOS 7 hadn't been fixed in iOS 8. And it's not as though the software flaws are academic and unlikely to be a threat in the real world.
Of particular concern is a memory-corruption issue in iOS's core graphics library, which could open opportunities for attackers to remotely exploit Safari on iPhones and iPads still running iOS 7.1.x.
According to security researchers at Binamuse, who discovered an exploit kit which exploited the CVE-2014-4377 vulnerability, attackers could potentially create a boobytrapped PDF file and embed it on a webpage to attack vulnerable devices running iOS 7.1.x, and gain complete control of victims' iPhones, iPod Touches and iPads.
In short, your iPhone 4 is not updated and it can be exploited just by browsing to a dangerous webpage.
But this is just one of many vulnerabilities that iOS 8 fixes, and who knows what future flaws later updates to iOS 8 will fix, which will remain forever unpatched on iOS 7.
Apple should patch iOS 7... but probably won't
Apple should really do the right thing and patch iOS 7 for those millions of users who are either unable or unwilling to update their operating system. Sadly, I can't see that happening...
I know that Apple doesn't want to get into a Microsoft-style situation (remember Windows XP?) where it finds itself struggling to keep an ancient operating system secure, long after they should have been dumped; but, the iPhone 4 was first launched on the world in mid-2010, and was still being sold in some countries until early this year.
To be selling a product less than a year ago, and for it now to be inherently risky from the security point of view, feels like a company that doesn't care about the safety of some of its most vulnerable customers – those who can least afford to shell out hundreds of dollars for the very latest gadget.
Do you think Apple is right to leave iOS 7 users in the lurch, or should they do more to support those who bought the iPhone 4 and earlier devices? Leave a comment with your point of view.
Graham Cluley Graham Cluley
About Graham Cluley
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley. View all posts by Graham Cluley →
This entry was posted in Security & Privacy and tagged Apple, CVE-2014-4377, iOS 7, iOS 8, iPhone, iPhone 4, security, vulnerability. Bookmark the permalink.
This topic has been closed due to inactivity. If you would like to discuss this topic further, please start a new post.
You can reference this topic in your post by adding this link:
Visit the Community
Check our Forums or How-to & FAQs for advice or answers
View User Guides
Refer to our getting started guides and product manuals
Talk to our Support and get answers to your questions