Photo illustration taken on April 19, 2018 in Paris showing tablet and smartphone apps for Google, Amazon, Facebook and the Apple App Store. LIONEL BONAVENTURE/AFP/Getty Images

The belief that privacy and data security improve simply by owning a costly smartphone such as an iPhone is a myth, as revelations about a powerful spy app known as Exodus, which is spying on iPhone users, make clear.

According to security researchers, the spy app harvests personal data and private conversations, destroying the victim's privacy.

The iOS version of Exodus was spotted by researchers at mobile security firm Lookout. It had earlier been detected on many Android devices, but its foray onto the iPhone has come as a shock.

As for how the malicious app reached unsuspecting iPhone victims, the researchers said the developer disguised the spyware as a carrier assistance app and signed it with an Apple-issued enterprise certificate, which let it bypass the scrutiny of the Apple App Store review process.
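One defender-side check this distribution trick suggests, added here as an example and not code from the article, from Lookout or from Apple: iOS apps installed outside the App Store (enterprise, ad-hoc and development builds) carry an embedded.mobileprovision file, a CMS (PKCS#7) signed blob wrapping an XML property list that describes the provisioning profile. Apple sets the ProvisionsAllDevices key to true on enterprise (in-house) profiles, so an analyst triaging an app bundle can tell at a glance whether it was enterprise-signed. The helper below assumes the plist is plain XML (which is what Apple emits) and does not verify the CMS signature; the sample profiles and the bytes of fake CMS framing around them are constructed for the demonstration and are not real Exodus artifacts.

```python
"""Triage helper: flag iOS apps signed for enterprise (in-house) distribution.

Added example, not Lookout's or Apple's tooling. It locates the XML plist
inside a .mobileprovision blob (assumption: plain XML plist, as Apple emits)
and reports how the profile allows the app to be distributed. It does not
verify the CMS signature, and the profile itself records no revocation, so
a certificate Apple has since revoked still looks valid here.
"""
import plistlib
from datetime import datetime, timezone

PLIST_START = b"<?xml"
PLIST_END = b"</plist>"


def extract_profile_plist(blob: bytes) -> dict:
    """Pull the XML plist out of a CMS-wrapped .mobileprovision blob."""
    start = blob.find(PLIST_START)
    end = blob.find(PLIST_END, start)
    if start < 0 or end < 0:
        raise ValueError("no XML plist found in provisioning profile")
    return plistlib.loads(blob[start:end + len(PLIST_END)])


def classify_profile(profile: dict, now: datetime = None) -> dict:
    """Summarise who signed the app and how it may be distributed."""
    # plistlib returns naive UTC datetimes for <date> values; compare naively.
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    enterprise = bool(profile.get("ProvisionsAllDevices", False))
    expires = profile.get("ExpirationDate")
    expired = expires is not None and expires < now
    entitlements = profile.get("Entitlements", {})
    if expired:
        verdict = "expired profile: app cannot launch"
    elif enterprise:
        verdict = "REVIEW: enterprise-signed app, distributed outside the App Store"
    else:
        verdict = "development/ad-hoc profile: limited to the listed devices"
    return {
        "name": profile.get("Name", "?"),
        "team": profile.get("TeamName", "?"),
        "app_id": entitlements.get("application-identifier", "?"),
        "enterprise": enterprise,
        "expired": expired,
        "verdict": verdict,
    }


def triage(blob: bytes, now: datetime = None) -> dict:
    """Parse and classify one embedded.mobileprovision blob."""
    return classify_profile(extract_profile_plist(blob), now)


def wrap_fake_cms(xml: bytes) -> bytes:
    """Constructed stand-in for CMS framing; enough for the extractor above."""
    return b"\x30\x82\x0c\x00\x06\x09" + xml + b"\x31\x82\x00\x10 fake-signature"


# Constructed sample profiles (hypothetical team names and bundle identifiers).
ENTERPRISE_PROFILE = wrap_fake_cms(b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Name</key><string>Carrier Assistance</string>
  <key>TeamName</key><string>Example Telecom Services</string>
  <key>ProvisionsAllDevices</key><true/>
  <key>ExpirationDate</key><date>2030-01-01T00:00:00Z</date>
  <key>Entitlements</key>
  <dict><key>application-identifier</key><string>TEAMID0000.com.example.assist</string></dict>
</dict>
</plist>""")

ADHOC_PROFILE = wrap_fake_cms(b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Name</key><string>Internal Test Build</string>
  <key>TeamName</key><string>Example Dev Team</string>
  <key>ProvisionedDevices</key><array><string>00008020-000000000000002E</string></array>
  <key>ExpirationDate</key><date>2030-01-01T00:00:00Z</date>
  <key>Entitlements</key>
  <dict><key>application-identifier</key><string>TEAMID1111.com.example.test</string></dict>
</dict>
</plist>""")

if __name__ == "__main__":
    for blob in (ENTERPRISE_PROFILE, ADHOC_PROFILE):
        print(triage(blob))
```

Apps delivered through the App Store carry no embedded.mobileprovision at all, so the mere presence of one marks a sideloaded install; the enterprise flag then tells you whether it could have been pushed to any device, as the fake carrier app was, rather than only to the devices listed in the profile.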

Unlike the Android version of Exodus, which is some five years old, the iOS version is quite recent. The difference between the two is that the iOS variant obtains the user's permissions unwittingly, posing as a legitimate app before it starts its surveillance.

The spy app then grabs the iPhone user's sensitive data, including contacts, photos, audio recordings, videos and real-time location data. It can also be triggered remotely to listen in on people's conversations.

So far there is no information on who has been targeted, but researchers say the malicious app is served from fake sites posing as cell carriers based in Italy and Turkmenistan.

iOS app linked to the makers of the earlier Android app

Researchers have traced the iPhone-targeting app’s origin to developers who made the original Android app Exodus.

They said there are indications that Italian video surveillance company eSurv, together with Connexxa, which it acquired in 2016, may have contributed to the development of the Exodus spy app.

Its broad feature set and wide spying capabilities give it control over the device's data, including emails, cellular data and Wi-Fi passwords.

The iOS version uses many techniques to evade detection, including certificate pinning, noted Adam Bauer, Lookout's senior staff security intelligence engineer.

“Finding surveillance-ware on Android or even iOS is not necessarily uncommon. But finding an actor like this is actually relatively rare. The main differentiator with this actor is the level of professionalism that we’ve seen from them,” added Bauer.

Mobile users are mostly vigilant against spyware: they stay away from phishing links and rely on mainstream apps downloaded from Google Play or Apple's App Store.

But Exodus is present on both platforms posing as a genuine app, and can defeat the user's vigilance against insidious spyware.

The good news is that Apple canceled the app maker's enterprise certificate after the findings on the spy app came out. It is unknown how many Apple users have been affected by that action.

More details of the iOS version of Exodus will be shared by the Lookout researchers at the Kaspersky Security Analyst Summit in Singapore in the coming days.