Hackers Found using Mobile Management Software for Corporates

The campaign was used to steal messages and pictures from WhatsApp and Telegram in India

Security researchers have uncovered a ‘highly targeted’ mobile malware campaign that has been running since August 2015 and was found spying on 13 selected iPhones in India.

The attackers were abusing the mobile device management (MDM) protocol, the mechanism behind software that organisations use to control their employees' devices and enforce policies on them. The attackers used the same protocol to install malicious applications and spy on the devices remotely.

To enrol an iOS device into MDM, however, the user has to manually install the enrolment certificate, which the operator obtains through the Apple Developer Enterprise Program.

Once the user installs the certificate, the organisation gains the authority to remotely control the device: install and remove apps, install and revoke certificates, lock the device, change passcode requirements, and so on.
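The authority described above is spelled out in the MDM payload of the enrolment profile itself. As an added example (not code from the article or from the researchers), the following Python script parses a constructed .mobileconfig, decodes the AccessRights bitmask of any com.apple.mdm payload using the bit values from Apple's MDM protocol reference, and flags a server host that is not on a defender-supplied allow list; the profile content and the host names are made up for the example.

```python
import plistlib
from urllib.parse import urlparse

# AccessRights bit values for the com.apple.mdm payload (Apple MDM protocol reference).
ACCESS_RIGHTS = {
    1: "inspect configuration profiles",
    2: "install/remove configuration profiles",
    4: "device lock and passcode removal",
    8: "erase device",
    16: "query device information",
    32: "query network information",
    64: "inspect provisioning profiles",
    128: "install/remove provisioning profiles",
    256: "inspect installed apps",
    512: "query restrictions",
    1024: "query security settings",
    2048: "manipulate settings",
    4096: "manage apps (install/remove)",
}

# Constructed sample profile; the identifiers and server URL are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadDisplayName</key><string>Corporate Setup</string>
<key>PayloadIdentifier</key><string>com.example.profile</string>
<key>PayloadContent</key><array><dict>
<key>PayloadType</key><string>com.apple.mdm</string>
<key>ServerURL</key><string>https://mdm.example.net/server</string>
<key>AccessRights</key><integer>8191</integer>
</dict></array>
</dict></plist>"""


def audit_profile(data, allowed_hosts):
    """Return one finding per MDM payload: server host, whether it is on the
    allow list, the decoded rights, and whether it can push apps."""
    profile = plistlib.loads(data)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.mdm":
            continue
        rights = payload.get("AccessRights", 0)
        host = urlparse(payload.get("ServerURL", "")).hostname or ""
        findings.append({
            "server_host": host,
            "known_server": host in allowed_hosts,
            "granted": [name for bit, name in ACCESS_RIGHTS.items() if rights & bit],
            "can_manage_apps": bool(rights & 4096),  # the right used to push modified apps
        })
    return findings
```

A profile whose MDM server is unknown to the organisation and which carries the app-management bit is exactly the kind of enrolment a user should refuse.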

How did the hackers manage to exploit the MDM protocol?
Since MDM enrolment requires user interaction at every step, the researchers believe the attackers used social engineering to get the victims to enrol their own devices.

Once a device was enrolled, the attackers used the MDM service to remotely install modified versions of legitimate apps such as WhatsApp and Telegram. The attackers had injected malicious features into these otherwise legitimate apps in order to secretly spy on users and steal their real-time location, contacts, photos, SMS and private messages from the chat applications.

Although it is still not known who is behind the attack, according to the researchers the attackers were operating from India while posing as Russians.

Ankush Johar, director at Infosec Ventures, said: "Since the MDM requires user interaction on every step it is highly probable that hackers have used social engineering techniques to convince the users to either click “OK” or even give the attacker physical access of the device.

"Installing an MDM certificate, whether on iOS or Android, is the highest level of permission that a user can give to an application, as it allows the application to do almost everything remotely and stealthily.

"Although the attack seems to be targeting a very limited number of users, it gives us a picture of how dangerous giving physical access to an unknown person can be, especially in India, where a big chunk of middle-aged people who are not well connected with technology often go to a local mobile shop and ask them to configure their device with WhatsApp, Gmail, music and what not.

"Humans are the weakest link in cybersecurity and hackers are well aware of that. It is easier to hack a head than a complicated computer system, and hence it is the users who have to take the necessary precautions to save themselves from these kinds of attacks. Remember: your security lies in your own hands. Think before you click!"