A newly-outed trojan is exploiting iOS and Android devices, ripping iCloud credentials abusing the trusted link between phones and PCs, says Palo Alto security researcher Claud Xiao. The attack appears to have failed in most circumstances, thanks to iOS’ sandboxing security controls, hardened modern Android operating systems, and the overt nature of the attack, and will flunk in all current attacks given the expiration of a certificate. Xiao (@claud_xiao) says the DualToy malware targets Windows machines that have been authorised to work with iPhones and abuses the Android Debug Bridge facility commonly installed by users who run custom Android ROMs.
View full story
ORIGINAL SOURCE: The Register