Cisco Talos has discovered a new menace to iPhone users: a sophisticated malware campaign that targets iPhones and tricks users into downloading an open-source Mobile Device Management (MDM) solution, which gives the hackers control of the phone. It is reported that Cisco and Apple are working together to combat the threat.
According to reports, once the MDM tool is downloaded and the hackers have control of the phone, they can steal information from the infected devices, including the phone number, serial number, location, contact information and basically everything else on the phone.
Cisco reports that the infected phones use iOS versions 10.2.1 to 11.2.6. It believes that the attackers were able to obtain the permissions required to infect the phones through extensive social engineering efforts.
Although the number of confirmed attacks against particular iPhone users is low, the attackers used malicious versions of Telegram and WhatsApp, so security experts are warning users to be vigilant about downloading apps onto their phones, including mobile device management solutions, and to confirm that any MDM solution is sanctioned by their employer or by whoever else is issuing it.