Android OS And iOS Targeted by Man-in-the-Middle Attacks

Enterprises, governments and individuals have been warned about an Xsser mobile remote access Trojan (mRAT), which targets iOS and Android devices.

The Xsser mRAT is spread through man-in-the-middle and phishing attacks and may involve cellphone tower eavesdropping for location-specific attacks.

The warning has come from Akamai Technologies, a provider of cloud services for delivering, optimising and securing online content and business applications, which today issued the stark warning through the company’s Prolexic Security Engineering & Response Team (PLXsert), a new cybersecurity threat advisory.

Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai, said: “Sophisticated malicious actors are targeting unsuspecting mobile device users. Attackers are impersonating or bypassing Google and Apple app stores and using social engineering to trick users into downloading unverified apps that install malicious applications such as the Xsser remote access Trojan onto a user’s mobile device. For example, attackers offered a counterfeit Flappy Birds app download to deliver the malicious software.”

Jailbroken iOS devices at risk

Jailbreaking is the process of removing limitations and security checks in the iOS operating system in order to allow users to install applications from other application stores. In China, for example, 14 percent of the 60 million iOS devices are estimated to have been jailbroken, often to support the use of third-party Chinese character keyboard apps. Jailbroken phones are at greater risk for malware.

Mobile remote access Trojan: the Xsser mRAT

Formerly, Xsser mRAT targeted only Android devices, but a new variant infects jailbroken iOS devices. The app is installed via a rogue repository on Cydia, the most popular third-party application store for jailbroken iPhones. Once the malicious bundle has been installed and executed, it gains persistence – preventing the user from deleting it. The mRAT then makes server-side checks and proceeds to steal data from the user’s device and executes remote commands as directed by its command-and-control (C2) server.

Scholly added: “Infected phones with the remote access software installed could be used for a wide variety of malicious purposes including surveillance, the stealing of login credentials, launching distributed denial of service (DDoS) attacks, and more. With more than a billion smartphone users worldwide, this kind of malware creates significant risks to privacy and a risk of rampant illegal activity.”

The best protection is to prevent infection

It is difficult to detect whether a phone is under attack from malware such as Xsser mRAT, so a focus on prevention is necessary. Virtual private networks (VPN), two-factor authentication, peer-to-peer proximity networking and commercial phone security applications can provide some protection. Avoiding the use of free Wi-Fi hotspots and automatic connections, ignoring unexpected communications, not jailbreaking phones and not using apps from untrusted sources are some of the self-protection approaches discussed in the advisory.

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

Recent Posts

OpenAI, Broadcom In Talks Over Development Of AI Chip – Report

Rebelling against Nividia? OpenAI is again reportedly exploring the possibility of developing its own AI…

2 days ago

Microsoft Outage Impacts Airlines, Media, Banks & Businesses Globally

IT outage causes major disruptions around the world, after Crowdstrike update allegedly triggers Microsoft outages

2 days ago

GenAI Integration Efforts Hampered By Costs, SnapLogic Finds

Hefty investment. SnapLogic research finds UK businesses are setting aside three-quarters of their IT budgets…

3 days ago

Meta Refuses EU Release Of Multimodal Llama AI Model

Mark Zuckerberg firm says European regulatory environment too ‘unpredictable’, so will not release multimodal Llama…

3 days ago

Synchron Announces Brain Interface Chat Powered by OpenAI

Brain implant firm Synchron offers AI-driven emotion and language predictions for users, powered by OpenAI's…

3 days ago