Internet security company Trend Micro has discovered new malware, known as XAgent, that infects iPhones running iOS 7 or iOS 8. Though the method of infection is yet to be uncovered, it is thought to be spread via phishing attacks, with messages containing malicious links being sent from one infected phone to others.
XAgent steals user data, including photos, text messages, contacts, and location data. Trend Micro posted the following details about XAgent to its blog:
The XAgent app is fully functional malware. After being installed on iOS 7, the app’s icon is hidden and it runs in the background immediately. When we try to terminate it by killing the process, it will restart almost immediately.
Installing the malware into an iOS 8 device yields different results. The icon is not hidden and it also cannot restart automatically. This suggests that the malware was designed prior to the release of iOS 8 last September 2014.
Trend Micro claims that XAgent was developed by a team of Russian hackers – called Operation Pawn Storm – and that the malware may have been designed to target government, military, and media outlets. The Trend Micro blog continues:
The actors of Pawn Storm tend to first move a lot of pawns in the hopes they come close to their actual, high profile targets. When they finally successfully infect a high profile target, they might decide to move their next pawn forward: advanced espionage malware.
The iOS malware we found is among those advanced malware. We believe the iOS malware gets installed on already compromised systems, and it is very similar to next stage SEDNIT malware we have found for Microsoft Windows’ systems.
Anyone concerned about the security of their device can get more details of XAgent at the Trend Micro website.