Beware Apple iOS attacks using ‘Masque Attack’ techniques from uncertified apps

Researchers have discovered a technique that may enable attackers to substitute malware for a legitimate app on Apple iOS devices such as iPhones and iPads.

Although the risk of being subjected to a Masque Attack is low, it is another reminder not to download pirated apps or software from untrusted sources. It is also a reminder that Apple products are increasingly being targeted by attackers.

As many people believe you cannot get a virus/trojans/malware on Apple devices (more so on OSX), this is not true and Apple devices, due to their numbers, will and currently are being targeted. Sterling IT use and recommend Webroot and/or Trend Micro Antivirus to protect Apple Mac.

About Masque Attack

A Masque Attack can occur if a user downloads an app from a rogue source such as a link embedded in a phishing email or from an unofficial app site hosting fake ‘uncertified’ apps.

The Masque Attack takes advantage of a weakness in iOS security which can enable malware to be installed.

If a malicious app can be crafted to use the same ‘bundle identifier’ (an ID Apple uses to identify individual apps) as a legitimate app on your phone, Apple will not check its security certificate. It means that a malicious app can replace a legitimate app on your device.

A criminal using the Masque Attack technique will typically disguise their malware as a popular game or program for you to install. Only install via the APP STORE via your device.

Once installed it may be able to steal information from your device such as passwords or internet banking details and send them to a remote server controlled by criminals. Possible impacts include the malware being able to steal logon credentials; access sensitive data; avoid detection and steal Apple IDs and passwords.

Staying safe

  1. Do not download software or apps from untrusted sources. Sticking with Apple’s AppStore helps protect against downloading malicious software
  2. Do not click ‘install’ from pop ups when viewing a web page. Even if it tells you , that you have a virus. Most of these are traps.
    Sterling IT has posted MANY emails recently with relation to this and unfortunately we are still getting clients infected, even with prior warning.
  3. If your iOS device shows an ‘Untrusted App Developer’ alert when you open an app, click on ‘Don’t Trust’ and uninstall the app immediately.
  4. Use security software for all your computer and mobile devices.
  5. Keep your system up-to-date by downloading software updates as they are released.
  6. Do not connect or ‘pair’ your device with untrusted computers.

For FREE advice or any questions regards to this, please contact Sterling IT. You are better asking as prevention is better than cure!!