De Exodus-spyware is ondertekend met legitieme Apple-ontwikkelaarscertificaten.
The government spyware Exodus, die eerder werd gevonden in 25 verschillende applicaties op Google Play, wordt nu ook naar iOS geporteerd. Dit is een waarschuwing voor onderzoekers Lookout Security.Spy Exodus kan gebruikerscontacten extraheren, gesprekken opnemen, onderschep foto's en volg de locatie. Volgens experts, the iOS version of this program has appeared in nature.
It is distributed bypassing the App Store – through phishing sites that mimic the official resources of mobile operators. Lookout Security experts believe that this program has been under development for at least five years.
Investigating the Android version of this malware, the experts came across several samples of the same program under the iOS system. Further research has shown that this version of the spy extends to phishing sites.
The Exodus developers went further – they became part of the Apple Developer Enterprise program, in order to be able to sign their applications with legitimate certificates from Apple.
Natuurlijk, the use of Apple certificates for malicious purposes is a violation of the Apple Developer Enterprise program. The American corporation has already withdrawn all affected certificates.
Bron: https://threatpost.com/exodus-spyware-apple-ios/143544/