Mobile security firm Lacoon has discovered an advanced iOS trojan in China that affects jailbroken devices and is allegedly linked to similar Android spyware already being broadly distributed in Hong Kong through a link shared via cross-platform messaging app WhatsApp.
The newly discovered trojan is called Xsser mRAT and has the potential to infect jailbroken iPhone, iPad and iPod touch devices. The report claims that cross-platform attacks on both iOS and Android are rare, with Lacoon suggesting that it could be a targeted attack on Chinese protesters by the Chinese government.
The trojan is significant because it could also be used as part of a large-scale attack by Chinese-speaking entities to spy on individuals, companies and even governments in foreign countries. Although, the fact that it is limited to jailbroken devices on iOS lessens the threat.
“When infected, Xsser mRAT exposes virtually any information on iOS devices including SMS, email, and instant messages, and can also reveal location data, usernames and passwords, call logs and contact information.”
It appears that targeted users would have to install a malicious app through a non-default Cydia repository, further mitigating the risk that jailbroken users will be affected. Nevertheless, it is a good reminder to always make sure you are using trusted repositories.
If you are running iOS 8 or have not jailbroken your iPhone, iPad or iPod touch, this Chinese trojan should not be a threat to you.
Read the source article for more technical details surrounding the spyware.[via Lacoon]