The Exodus spyware was signed with legitimate Apple developer certificates.
The government spyware Exodus, which was previously found in 25 different applications on Google Play, is now ported to iOS as well. This is a warning researchers Lookout Security.Spy Exodus can extract user contacts, record conversations, intercept photos and track location. According to experts, the iOS version of this program has appeared in nature.
It is distributed bypassing the App Store – through phishing sites that mimic the official resources of mobile operators. Lookout Security experts believe that this program has been under development for at least five years.
Investigating the Android version of this malware, the experts came across several samples of the same program under the iOS system. Further research has shown that this version of the spy extends to phishing sites.
The Exodus developers went further – they became part of the Apple Developer Enterprise program, in order to be able to sign their applications with legitimate certificates from Apple.
Of course, the use of Apple certificates for malicious purposes is a violation of the Apple Developer Enterprise program. The American corporation has already withdrawn all affected certificates.
Source: https://threatpost.com/exodus-spyware-apple-ios/143544/
