Mobile RAT Targets iOS, Android

Monday, December 22, 2014 @ 05:12 PM gHale

There is a mobile remote access Trojan used to target iOS and Android devices, researchers said.

The Xsser mRAT spreads through man-in-the-middle and phishing attacks, according to Akamai’s Prolexic Security Engineering and Research Team (PLXsert).

Domain Names Seized
Trojan Variant Uses Grammar Tool
Updated Malware Boosts Espionage Tool
RAT Hides and then Attacks

The researchers believe the people behind the malware is an organized group targeting owners of specific phones and software vendors with the goal of stealing credentials, hijacking browsing sessions or execute code at the compromised devices.

The activity began in September and has been mostly in Asia. The attacks focused on software vendors, software-as-a-service (SaaS) providers and Internet service providers, and have also attempted to serve malicious applications via phishing techniques or by impersonating legitimate websites. Other attacks use phishing to trick users into downloading applications hosted on third-party repositories.

The attacks are not widespread right now and the command-and-control center is now down, the advisory said.

While the malware previously only impacted Android, the latest variant of the malware affects jailbroken iOS devices, the advisory said.

“The app is installed via a rogue Cydia repository and once the bundle has been installed and executed, it gains persistence,” the advisory said. “It then makes server-side checks and proceeds to exfiltrate data from the user’s device and executes remote commands from its command and-control (C&C) server.”

“Sophisticated malicious actors are targeting unsuspecting mobile device users,” said Stuart Scholly, senior vice president and general manager of the Security Business Unit at Akamai. “Attackers are impersonating or bypassing Google and Apple app stores and using social engineering to trick users into downloading unverified apps that install malicious applications such as the Xsser remote access Trojan onto a user’s mobile device. For example, attackers offered a counterfeit Flappy Birds app download to deliver the malicious software.”

“Infected phones with the remote access software installed could be used for a wide variety of malicious purposes including surveillance, the stealing of login credentials, launching distributed denial of service (DDoS) attacks, and more,” Scholly said. “With more than a billion smartphone users worldwide, this kind of malware creates significant risks to privacy and a risk of rampant illegal activity.”

Leave a Reply

You must be logged in to post a comment.