Wednesday, November 12, 2014

Masque Attack installs malware on the iPhone instead of the app – Zeus News – Olympus Computer

A flaw in the iOS app makes it very dangerous to accept from strangers.

The latest threat for iOS called Masque Attack, and the name is definitely got it right: the danger it masquerades as a legitimate app.

The discovery of its existence is due to FireEye: had noticed back in July and had been informed Apple, but trying not to spread the news to prevent any malicious took advantage of it.

Now, however, the danger is expanding and there is no reason to keep the secret; indeed, it is good to inform users that do not care to accept apps from strangers.

The problem is a vulnerability in iOS 7.1.1, 7.1.2, 8.0, 8.1, and 8.1.1 beta.

Unforunately is relatively simple, as the video below demonstrates that we report. It all starts when you receive a link – for example, by SMS or by email – it promises to download a new app without going through the App Store. In itself it is a legitimate practice, often used in business.

The link can suggest an app of any kind (in the demo video claims to be a version of Flappy Bird ) but it really makes downloading malware; This then replaces existing legitimate app on your iPhone or iPad with a seemingly identical which, however, contains code that can do damage.

For instance, malware can replace the Gmail app with a nearly perfect copy that, in addition to performing the normal functions of e-mail, steals all the data entered. And if it’s bad enough that this is done with the mailbox, we can imagine how much more dangerous it would be if it happened with the app worked for ‘ online banking .

Also – says FireEye – the fake app also gets access to local data of the app so original and may seize such copies of the email, or token to login access to an account.

Attack Masque is not able to replace the pre-installed apps from Apple like Safari, but can act safely on the other.

Until Apple solves the problem by solving the flaw in iOS, the first defensive measure is to avoid installing apps that do not come from the App Store, and whose account we will always be doubts .

Below, the video that shows how it works Masque Attack.

LikeTweet

No comments:

Post a Comment