Security researchers discover iOS version of Android-targeted spyware

Photo (c) NicoElNino - Getty Images

A pared-down version of surveillanceware called Exodus was recently discovered

Researchers at mobile security firm Lookout have discovered an iOS version of a dangerous piece of spyware typically found exclusively on Android devices.

The researchers said the iOS variant of the surveillanceware, called Exodus, is less sophisticated than the version that tends to target Android devices. Further, it hasn’t yet made it into Apple’s official App store; it’s only been discovered in third-party app marketplaces.

But once the spyware has been installed, it can mine a user’s contacts, audio recordings, photos, videos, and device information (including real-time location data). Last month, security researchers from Security Without Borders found the spyware hidden in an app uploaded to Google’s Play Store.

Exodus was found on several phishing sites designed to look like legitimate information pages for mobile carriers based in Italy and Turkmenistan, according to research presented this week at the Kaspersky Security Analyst Summit conference.

“The iOS versions were available outside the app store, through phishing sites, and abused the Apple Developer Enterprise program,” the researchers said in a blog post.

Beware of spyware

The team at Lookout did not provide an estimate of how many Apple users have been affected by the malware.

“In terms of capabilities on the iOS side, they’re doing pretty much everything I’m aware of that you can do through documented Apple APIs, but they’re abusing them to do surveillance-type activities,” Adam Bauer, a senior staff security intelligence engineer at Lookout, told Wired.

“Finding surveillance-ware on Android or even iOS is not necessarily uncommon. But finding an actor like this is actually relatively rare. The main differentiator with this actor is the level of professionalism that we’ve seen from them,” Bauer said.

The Android and iOS versions of Exodus have now been blocked. However, the discovery of the spyware on both mobile platforms serves as a reminder to avoid phishing links and only download apps directly from Google Play or Apple’s official App Store.

Take an Identity Theft Quiz. Get matched with an Authorized Partner.