Security firm Trend Micro has discovered two new types of iOS malware that seem designed to spy on a victim's iOS device.
The firm believes the malware is connected to the cyber-espionage initiative Operation Pawn Storm. The program targets military officials, government, and defence industries in countries such as Austria, France, Pakistan, Hungary and the US.
To meet its goals, the operation uses different methods. First, it propagates existing Windows malware named SEDNIT/Sofacy, which steals system information and keystrokes. This malware is typically sent in an email attachment, or served from compromised websites.
It also employs phishing websites. Emails read in Outlook Web App (OWA) redirect victims to phishing websites that lure them into entering their credentials.
According to Trend Micro, the two new iOS malware samples are another method the operation uses to spy on its targets.
The first sample is said to be small and only records sound, while the second is more advanced. It responds to various commands, such as exfiltrating SMS text messages, contacts, pictures and geo-location data. The information is sent to a remote command and control (C&C) server via HTTP.
Trend Micro said the malware has been written for iOS 7.1 and will not work on earlier versions of the software. The malware is supposed to work on iOS 8, but not as effectively. It is unable to hide its icon on iOS 8 devices and thus is more conspicuous.
The security firm believes the second, and more complex, sample should work on non-jailbroken phones. Trend Micro said the malware did not launch on the phone in the company lab, but it believes it can.
The iOS device is infected either by the attacker physically installing the malware on the victim's phone using Apple's ad hoc provisioning, or via a USB connection to an infected PC or Apple device.