The Milpitas, Calif.-based security firm FireEye has reported that hackers are exploiting vulnerabilities in Apple's mobile operating system to launch "Masque Attacks" – malware disguised as popular apps such as Facebook, Twitter and Google Chrome.

The cybersecurity firm said it has discovered 11 iOS threats. The malicious apps look like their legitimate counterparts on a user's device, but are designed to steal sensitive information and send it to a remote server.

FireEye previously described the threats posed by Masque Attacks in a series of blogs. The malicious apps are installed when a user clicks on a link in an email, text message or fake advertisement.

"Up until now, these attacks had never been seen carried out in the wild, highlighting that advanced threats were not utilizing mobile to carry out their attacks despite rapid user adoption," the report explained.

However, FireEye said the recent discoveries mark the first instance of targeted iOS malware used on iOS devices that have not been jailbroken. Jailbreaking a device removes all of its built-in iOS security mechanisms.

These reverse-engineered, weaponized versions of popular social networking and messaging apps are unlike the real versions in that they come with an extra binary designed to exfiltrate sensitive data and communicate with a remote server.

Because their bundle identifiers match those of the genuine apps in the App Store, they can directly replace the genuine apps on iOS devices running versions of iOS released prior to 8.1.3. Their bundle identifiers are in fact configurable by remote attackers.

"Although Apple has fixed or partially fixed the original Masque Attack on iOS 8.1.3, there are still other attack surfaces to exploit vulnerabilities in the installation process on iOS," FireEye's Zhaofeng Chen, Tao Wei, Hui Xue and Yulong Zhang said in a blog post.

This attack was discovered as part of 400GB of files that were hacked from an Italian surveillance technology company.

Recently, the San Francisco-based Zimperium Mobile Security warned that a flaw in the Android media library Stagefright left 95% of an estimated 950 million Android-based mobile devices susceptible to remote code execution.

© 2025 ALM Global, LLC, All Rights Reserved.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).