‘Masque Attack’ writes over genuine apps; steals personal and financial data

Researchers have discovered a new attack on iOS devices that could allow attackers to access and steal users’ personal and financial information from their app caches without the users suspecting anything.

The “Masque Attack” exploits a vulnerability in third-party app stores that allows attackers to replace genuine apps downloaded from the App Store with their own malicious versions, according to a FireEye blog post. A legitimate app can be overwritten if it shares the same bundle identifier as the malicious app.

“This vulnerability exists because iOS doesn’t enforce matching certificates for apps with the same bundle identifier, so attackers can use enterprise provisioning/adhoc provisioning apps to replace the original apps from the app store,” Tao Wei, senior research scientist, said in an email to SCMagazine.com.

This attack is one of the first to be combined with the WireLurker malware, which originally attacked iOS devices through USB.

Compared with that original attack, the Masque version spreads malware directly through the internet and can originate with a phishing text prompting an iOS user to download a new app.

As an example, researchers sent a phishing text to themselves with instructions to check out a new app, as well as a download link. When they clicked on the link to download the app, nothing was installed outright. Rather, their Gmail app was written over with malicious code.
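The check the article says iOS does not enforce (same bundle identifier, same signer) can be run on the defender's side over a device inventory. The following is an added example, not code from FireEye or SC Magazine; the inventory fields, team IDs and bundle identifiers are constructed placeholders and assume an MDM-style export that records each app's signer and provisioning type.

```python
from dataclasses import dataclass

# Constructed baseline: bundle identifier -> team ID of the genuine App Store build.
# All identifiers below are placeholders, not real apps or signers.
EXPECTED_TEAM = {
    "com.example.mail": "TEAMSTORE1",
    "com.example.bank": "TEAMSTORE2",
}

@dataclass(frozen=True)
class InstalledApp:
    device: str
    bundle_id: str
    team_id: str        # signer recorded by the (hypothetical) inventory export
    provisioning: str   # "appstore", "enterprise" or "adhoc"

def find_masquerading_apps(inventory, expected=EXPECTED_TEAM):
    """Return (app, reason) for apps reusing a baseline bundle ID without its signer."""
    findings = []
    for app in inventory:
        want = expected.get(app.bundle_id)
        if want is None:
            continue  # not a baseline app (e.g. a genuine in-house app)
        reasons = []
        if app.team_id != want:
            reasons.append(f"signed by {app.team_id}, expected {want}")
        if app.provisioning != "appstore":
            reasons.append(f"installed via {app.provisioning} provisioning")
        if reasons:
            findings.append((app, "; ".join(reasons)))
    return findings

# Constructed inventory rows for illustration.
SAMPLE_INVENTORY = [
    InstalledApp("phone-01", "com.example.mail", "TEAMSTORE1", "appstore"),
    InstalledApp("phone-02", "com.example.mail", "TEAMOTHER9", "enterprise"),
    InstalledApp("phone-03", "com.example.inhouse", "TEAMCORP3", "enterprise"),
    InstalledApp("phone-04", "com.example.bank", "TEAMSTORE2", "adhoc"),
]

if __name__ == "__main__":
    for app, reason in find_masquerading_apps(SAMPLE_INVENTORY):
        print(f"{app.device}: {app.bundle_id}: {reason}")
```
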

Read the Full Article: Source – SC Magazine
