Hackers have figured out how to trick iPhone users into installing malicious apps without their knowledge. The apps may look and perform like the real thing, but they’re controlled by hackers. The installations occur when users unwittingly click on web links that trigger the downloads. Bogus apps include malware versions of Twitter, Facebook and WhatsApp.
FireEye global technical lead Simon Mullis reported the “Masque” attack in an interview with Business Insider.
“The most recent version of the Masque attack uses a technique called ‘URL Scheme Hijacking.’ The attacker is initially able to bypass the mechanism used by Apple to ensure that a user trusts an app that is being installed,” he said.
The attacks work by duping smartphone users into installing the malicious apps without their knowledge. If a user clicks on an infected link while browsing the web, Masque can download an app onto the iPhone without the user knowing. That app will look and behave like the real thing — except that hackers will be controlling and monitoring it, and watching what you do on it.