DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices

Over the past two years, we’ve observed many cases of Microsoft Windows and Apple iOS malware designed to attack mobile devices. This attack vector is increasingly popular with malicious actors as almost everyone on the planet carries at least one mobile device they interact with throughout any given day. Thanks to a relative lack of

Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review

Apple’s official iOS App Store is well known for its strict code review of any app submitted by a developer. This mandatory policy has become one of the most important mechanisms in the iOS security ecosystem to ensure the privacy and security of iOS users. But we recently identified an app that demonstrated new ways

The Threat Intelligence Research That Mattered to You This Year

Unit 42 did some incredible work in 2015 discovering, analyzing and disclosing malware – some new and others making a reappearance. Take a look below at some of their top threat intelligence research from this past year: XcodeGhost Unit 42 analyzed XcodeGhost, which modifies Xcode and infects Apple iOS Apps, and its behavior. The team found that many popular iOS apps were infected,

iOS Trojan “TinyV” Attacks Jailbroken Devices

In October 2015, we discovered a malicious payload file targeting Apple iOS devices. After investigating, we believe the payload belongs to a new iOS Trojan family that we’re calling “TinyV”. In December 2015, Chinese users reported they were infected by this malware. After further research, we found the malware has been repackaged into several pirated

BackStab: Mobile Backup Data Under Attack from Malware

Today we are releasing a whitepaper describing how malicious actors are stealing private mobile device data by accessing local backup files stored on PC and Mac computers. We have identified 704 samples of six Trojan, adware and HackTool families for Windows® or Mac® OS X® systems that used this technique to steal data from iOS

More Details on the XcodeGhost Malware and Affected iOS Apps

A few days ago, we investigated a new malware called XcodeGhost that modifies Xcode, infects iOS apps and is seen in the App Store. We also found more than 39 iOS apps were infected, including versions of some pretty popular apps like WeChat or Didi, potentially affecting hundreds of millions iOS users. We also analyzed

Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps

On Thursday we posted the initial analysis report on XcodeGhost malware and then found it had infected 39 iOS apps, potentially impacting hundreds of millions of users. XcodeGhost embedded malicious code into those infected iOS apps. In the first report, we noted that the malicious code uploads device information and app information to its command

Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store

UPDATE: Since this report’s original posting on September 17, three additional XCodeGhost updates have been published, available here, here and here.  On Wednesday, Chinese iOS developers disclosed a new OS X and iOS malware on Sina Weibo. Alibaba researchers then posted an analysis report on the malware, giving it the name XcodeGhost. We have investigated the malware to identify how it

KeyRaider iOS Malware: How to Keep Yourself Safe

Earlier this week we published an analysis of KeyRaider, which is an iOS malware family and a reminder of the risks users take when they choose to jailbreak their mobile devices. Attackers used KeyRaider malware to steal more than 225,000 Apple accounts. KeyRaider targeted only jailbroken Apple devices, primarily through Chinese websites and apps that

KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia

Executive Summary Recently, WeipTech was analyzing suspicious Apple iOS tweaks reported by users and found over 225,000 valid Apple accounts with passwords stored on a server. In cooperation with WeipTech, we have identified 92 samples of a new iOS malware family in the wild. We have analyzed the samples to determine the author’s ultimate goal

Learn More About WireLurker and the Impact to OS X and iOS

Recently Palo Alto Networks researcher Claud Xiao discovered WireLurker, a new family of Apple OS X and iOS malware with characteristics unseen in any previously documented threats targeting Apple’s popular desktop and mobile platforms. Much has happened since Claud’s discovery, so we’re pleased to present a new webinar covering WireLurker information and the potential impact

Protecting Users from iOS App Provisioning Profile Abuse

Recently, we announced the discovery of WireLurker, a new family of malware that abuses app provisioning profiles to install potentially malicious apps on any iOS device, regardless of whether it is jailbroken.  Shortly after, FireEye highlighted the Masque Attack, which also relies on malware apps signed by provisioning profiles and had previously been disclosed by

The Question of WireLurker Attribution: Who Is Responsible?

After news of WireLurker began circulating in handful Chinese-language tech forums over the summer, a Chinese-language technology blogger conducted online research in an attempt to track down the author of WireLurker and engage him in an online chat. While it is unclear whether he found the actual author, it appears he was able to locate

Get updates on Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit 42

Follow us on