Security researchers have come across another spyware app, this time one targeting iPhone users. The app was originally designed for Android.
Researchers at the mobile security firm Lookout found the app. They say its developer abused an Apple-issued enterprise certificate to get the app onto iPhones without going through the App Store's review process.
The spyware collects a large amount of real-time data and device information, including contacts, gallery photos, audio recordings, videos and other personal data. It also lets whoever is operating it eavesdrop on conversations remotely.
However, the researchers could not find any data on who the victims were. According to them, the app was installed from fake websites masquerading as cell carriers in Turkmenistan and Italy.
The researchers linked the app to its developer, Connexxa, which had already built an Android app that acts as spyware and is reportedly used by Italian law enforcement.
Exodus is the name of that Android app, and it has successfully targeted hundreds of people. It does not break into a phone on its own: it gets there by being installed, whether by the victim, who is tricked into downloading it, or by someone with access to the device.
Exodus spyware capabilities
Once installed on an Android device, the app downloads a second-stage framework that gives the operator root access. That means complete control of the device: data such as Wi-Fi passwords, cellular data and even emails are compromised. Essentially any sensitive information on the phone is exposed.
The researchers found that both apps talk to more or less the same backend infrastructure. However, the iPhone version takes extra steps to hide its network activity from inspection. One of them is certificate pinning: the app only accepts its own server's certificate, so connections through an interception proxy fail. That blocks the usual way analysts look at an app's traffic and makes scrutinizing it tedious and time-consuming.
Adam Bauer, Lookout's senior security intelligence engineer, said in a statement, “This is one of the indicators that a professional group was responsible for the software.”
Bauer adds that the Android version of the app is widely distributed and available for download from the Google Play store, while the iPhone version is not easy to obtain. The iOS app was signed with an Apple enterprise certificate issued to Connexxa, which is what allowed it to be installed without passing through the App Store's review.
Violations in the app store policy
Apple says this is a clear violation of its policies: enterprise certificates are meant for distributing a company's internal apps to its own employees, not to consumers.
This is another case of app makers abusing their enterprise certificates to distribute apps that do not comply with Apple's rules. Even Facebook and Google were found pushing rule-breaking apps to consumers by signing them with their enterprise certificates; Apple revoked those certificates once the violations came to light.
Facebook and Google are not the only offenders, either. Apple has been busy revoking other app makers' enterprise certificates, which stops the apps signed with them from launching.
Even after the researchers' disclosure, the number of affected users is still unknown. Neither Apple nor Connexxa has said how many people were hit, and Connexxa has not responded to the findings at all.
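A check worth having on hand when an iOS app turns up outside the App Store, added here as an example and not code from the article, Lookout or Connexxa: every sideloaded app bundle carries an `embedded.mobileprovision` file, a CMS-signed blob wrapping an XML plist, and that plist says how the app was allowed onto the device. `ProvisionsAllDevices` marks an enterprise in-house profile (installs anywhere, no review), `ProvisionedDevices` marks an ad hoc or development profile limited to listed devices, and neither means App Store distribution. The script below pulls the plist out of the wrapper and classifies it; the two sample profiles, the team name and the team identifier are constructed placeholders, and the fake DER wrapper just stands in for the real CMS envelope.

```python
import plistlib
from datetime import datetime, timezone

PLIST_START = b"<?xml"
PLIST_END = b"</plist>"


def extract_profile(blob: bytes) -> dict:
    """Return the plist carried inside a .mobileprovision blob.

    The file is CMS/PKCS#7 DER and the plist sits in it as an opaque string,
    so for triage we slice from '<?xml' to '</plist>' and parse that. This does
    NOT verify Apple's signature: use it to learn how an app was distributed,
    not to decide whether to trust it.
    """
    start = blob.find(PLIST_START)
    end = blob.find(PLIST_END, max(start, 0))
    if start < 0 or end < 0:
        raise ValueError("no plist payload found in provisioning profile")
    return plistlib.loads(blob[start:end + len(PLIST_END)])


def triage_profile(profile: dict, now=None) -> dict:
    """Classify the distribution path and flag anything worth a second look."""
    # plist <date> values load as naive UTC datetimes, so compare against a naive UTC now.
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    if profile.get("ProvisionsAllDevices"):
        kind = "enterprise"
    elif "ProvisionedDevices" in profile:
        kind = "adhoc-or-development"
    else:
        kind = "appstore"

    entitlements = profile.get("Entitlements", {})
    app_id = entitlements.get("application-identifier", "")
    expiry = profile.get("ExpirationDate")
    report = {
        "kind": kind,
        "team": profile.get("TeamName"),
        "team_ids": profile.get("TeamIdentifier", []),
        "app_id": app_id,
        "wildcard_app_id": app_id.endswith(".*"),   # one profile covers any bundle ID
        "debuggable": bool(entitlements.get("get-task-allow", False)),
        "expired": bool(expiry and expiry < now),
        "findings": [],
    }
    if kind == "enterprise":
        report["findings"].append("enterprise (in-house) profile: installs on any device, no App Store review")
    elif kind == "adhoc-or-development":
        report["findings"].append("profile limited to %d registered devices" % len(profile["ProvisionedDevices"]))
    if report["wildcard_app_id"]:
        report["findings"].append("wildcard application-identifier %s" % app_id)
    if report["debuggable"]:
        report["findings"].append("get-task-allow set: a debugger can attach to the process")
    if report["expired"]:
        report["findings"].append("profile expired on %s" % expiry.date())
    return report


def triage_blob(blob: bytes, now=None) -> dict:
    return triage_profile(extract_profile(blob), now)


# Constructed sample profiles; the team name and identifier are placeholders, not real Apple data.
ENTERPRISE_PROFILE = {
    "AppIDName": "Example In-House App",
    "TeamName": "Example Corp",
    "TeamIdentifier": ["ABCDE12345"],
    "ProvisionsAllDevices": True,
    "CreationDate": datetime(2019, 1, 1),
    "ExpirationDate": datetime(2020, 1, 1),
    "Entitlements": {
        "application-identifier": "ABCDE12345.*",
        "get-task-allow": False,
        "com.apple.developer.team-identifier": "ABCDE12345",
    },
}
APPSTORE_PROFILE = {
    "AppIDName": "Example Store App",
    "TeamName": "Example Corp",
    "TeamIdentifier": ["ABCDE12345"],
    "CreationDate": datetime(2019, 1, 1),
    "ExpirationDate": datetime(2020, 1, 1),
    "Entitlements": {
        "application-identifier": "ABCDE12345.com.example.storeapp",
        "get-task-allow": False,
    },
}
ANALYSIS_DATE = datetime(2019, 6, 1)   # a point in time at which the samples are still valid


def make_fake_mobileprovision(profile: dict) -> bytes:
    """Stand-in for the CMS/DER envelope: opaque bytes on either side of the plist."""
    return b"\x30\x82\x10\x00" + b"\x00" * 16 + plistlib.dumps(profile) + b"\x00" * 16


if __name__ == "__main__":
    for name, prof in (("enterprise", ENTERPRISE_PROFILE), ("appstore", APPSTORE_PROFILE)):
        report = triage_blob(make_fake_mobileprovision(prof), now=ANALYSIS_DATE)
        print(name, report["kind"], report["findings"])
```

To run it against a real app, unzip the `.ipa` and feed `Payload/<App>.app/embedded.mobileprovision` to `extract_profile`. On macOS, `security cms -D -i embedded.mobileprovision` decodes the same payload through the CMS layer properly, which is the route to take when the signature itself matters.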