iPhone users have been targeted with mobile malware via MDM (mobile device management)

There are still folks who believe some devices (or even all devices from a particular brand) can’t be infected. For example, some may perceive the venerable iPhone as impregnable.

In this day and age of rampant cybercrime, one can’t afford to think this way. If you’re connecting to the internet, there’s more than likely some sort of vulnerability. Unpatched software, a previously undetected exploit, and tricky social engineering are examples of gateways through which hackers can get at your data and personal information.


A long-standing MDM malware campaign

Security researchers at Talos detected a mobile malware campaign that uses open-source MDM (mobile device management) software to attack iPhones. Once in the door, hackers can inject malicious code to steal information such as contact details, photos, the device’s serial number, and the contents of SMS messages. The location of the device can also be determined.

Through logs on the command-and-control server for the MDM malware, the security researchers were able to ascertain that this campaign has been in operation since August 2015.

It hasn’t been established how the MDM got onto the affected iPhones. Typically, enrolling a device in MDM requires the user to accept and install additional certificates on the device. It’s unlikely the cybercriminals were able to physically handle the devices and install their malware themselves, so the security researchers posit the enrollment was done via sophisticated social engineering.


Phishing and social engineering: pervasive threats

Though the number of affected iPhones in this particular malware campaign has been very low, one must stay aware of the various ploys cybercriminals use… and be forward-thinking. Cybercriminals learn from their successes and failures and come back with more potent threats designed to overcome any shortcomings that kept their previous attacks from reaching their true potential.

With the rise of mobile devices, MDM applications are becoming more popular. Organizations are using them to manage their team’s devices, and parents are using them to keep tabs on their children’s mobile and online habits.

The main lessons here are to be especially mindful when granting applications such as MDM heightened permissions, and to stay ever-vigilant about phishing emails and social engineering tactics.

Unsolicited emails containing hyperlinks and attachments should be treated extremely carefully. Phishing emails, fraudulent emails that attempt to make individuals give up personal information and account credentials, are designed to look like they’re from trusted senders. These phishing emails may even contain information in the subject line and body that matches the target’s line of business, making them that much more innocuous-looking and enticing.

When in doubt, always take pause and, if need be, ask your IT department or managed security provider to review a suspicious email. You can also contact the email’s sender directly or log into an appropriate account to help determine if the message/alert is in fact legitimate.


Drive-by downloads: malicious code looking for the next passerby

One must also exercise caution on the wild frontiers of the internet. Clicking on the wrong thing can lead to a world of pain. Any click-happy tendencies one harbors must be suppressed.

Malicious or compromised web pages can contain harmful code that’s just looking for victims. A drive-by download is an inadvertent download of such code. This can happen surreptitiously after you click on a link in a bogus email or social media post and visit the malicious site.

These drive-by downloads exploit vulnerabilities in your browser or operating system.

Sometimes, in order to have a higher chance of infection, the page will contain a veritable cocktail of code targeting a spectrum of vulnerabilities, so that whichever one your device is still exposed to can be used.

Staying away from risky web destinations (such as file-sharing sites) and keeping your apps and OS patched and up-to-date are two ways to keep safe from these threats.


Layered security and managed services

With so many threats out in the digital world, it can be overwhelming to keep up with it all. It’s an arms race, with malware authors trying to up the ante with their tactics and code in a continuing quest to extend their operations past the security industry’s reach.

Layering your security is a good strategy to make it hard for threats to get through your defenses.

For businesses that lack a dedicated IT security staff and need to stay concentrated on their core business, an MSP (managed service provider) can offer security as a managed service.

A managed service is an aspect of an organization’s IT that’s completely managed by a third party. Because the managed service provider has the full responsibility of the day-to-day operation and maintenance of that service, the business can better keep its staff’s focus on their core mission.

Contact InCare today at 205-277-CARE or fill out the form below for a free managed security consultation.


InCare is an industry-recognized MSP and IT company providing computer networking and security services. We’re headquartered in Birmingham, AL, with offices in Montgomery, AL and Jackson, MS.
