Over the weekend, security firm Palo Alto Networks reported a new iOS malware that can infect non-jailbroken Apple devices by using enterprise certificates and private APIs (application programming interfaces). It has apparently infected at least 100 Apple App Store apps.
"Although the specific behaviors of this malware are fairly unique, it still is no more able to install itself invisibly than any other iOS malware to date," says Mac security expert Thomas Reed, director of Mac Offerings at Malwarebytes, provider of a user-installed anti-malware solution. "It's signed with an enterprise provisioning profile, so the user must accept its installation. Two aspects of this are concerning. One is the difficulty of removing the malware. I'd recommend a full factory reset of the phone to be 100% sure everything is wiped."
Second is the wide variety of ways this malware has been spread, including incentives to get repair techs and the like to install it on phones they "fix," and the hacking of ISP-injected advertising, he adds. Reed says that, fortunately, these techniques are not likely to spread to places like North America or Western Europe, where tight controls are in place to prevent this type of activity.
"Still, that's of no help to people in China who are affected by this," he adds. "Unfortunately, this attack is complicated by the fact that there's no anti-malware software for iOS, and no way for any software to scan iOS due to sandboxing restrictions."
An Apple representative told The Loop that the issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. "We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware. We encourage customers to stay current with the latest version of iOS for the latest security updates," says the representative. "We also encourage them to only download from trusted sources like the App Store and pay attention to any warnings as they download apps."