Reports have surfaced today that a new type of spyware is in the wild and targeting iOS devices. The spyware is part of a malware campaign security industry people are calling “Operation Pawn Storm.”
The spyware is actually an app — the security firm Trend Micro has dubbed the app XAgent — that attempts to install and run on iOS devices.
Once installed, the malicious application can collect text messages, contact lists, pictures, geolocation data, and information from installed apps on an iOS device. It reports the data back to a control server. It can also collect the user’s Wi-Fi status. The most vulnerable devices are iPhones — even if the user hasn’t degraded security by jailbreaking it.
XAgent can use Apple’s ad hoc provisioning system — a feature used by enterprises to distribute apps to small groups of users — to install itself on the target’s phone.
Fortunately, for iOS 8 devices, the user will see multiple notifications that the phone is trying to install an app. And it can’t run without the user launching. On a device running iOS 7, XAgent could install itself, and it does not show up as an app icon on the interface.
“The good thing for users is that this isn’t something that can be automatically done,” Trend Micro executive Jon Clay told Macworld. “There are steps you have to do as a user to install this.”
In iOS 8 the user must launch the XAgent app before it can do any damage.