Until now, the Exodus spyware has been seen targeting Android devices. But recently, security researchers from the nonprofit security organization ‘Security Without Borders’ found that Exodus was also present on iOS devices, contrary to the impression that the malware cannot survive in Apple Inc.’s iOS environment.
The details of the spyware’s presence on iOS were revealed at the Kaspersky Security Analyst Summit held in Singapore by researchers from Lookout, who reported that the malware was being circulated through fake mobile carrier support apps.
Researchers argue that there is more to discover about the malware, as it is believed to be distributed as so-called ‘lawful intercept’ software, which is generally used by law enforcement and governments.
For those who are unfamiliar with the capabilities of Exodus, here’s a summary. It is basically a spying tool that, on infecting a device, delivers a dropper that collects basic information such as the device’s IMEI number, its phone number, and its GPS location.
It then sends that information to remote command-and-control servers, a step carried out through multiple binary packages aimed at tracking down a device. After that, a Linux exploit named DirtyCOW is used to try to gain root access, which then helps the malware collect all the data on the phone, including hardware and software details, chat logs, contacts, audio and video files, photos, and text stored on the phone.
All Android phones are now reported to be immune to the third phase of Exodus, i.e. DirtyCOW, as Google issued a security patch for the vulnerability in 2016.
As the doors on Google OS phones were closed to the malware developers, they started to use Apple’s Developer Enterprise Program to explore distribution options on iOS devices.
Lookout claims that the number of infected iOS devices is currently small, probably in the thousands.
But according to reports, those who habitually browse Italian websites are said to be at high risk of getting their devices infected with Exodus malware.