Beware: what seem to be your regular Facebook, WhatsApp, or Twitter apps could actually be malicious copies planted in a “Masque” attack. Hackers have discovered how to trick iPhone users into installing malicious apps that look and perform like the real thing but are controlled by the attackers.
The installations are triggered when users click on web links that prompt the downloads. Simon Mullis, the global technical lead of FireEye — an IT security company that provides threat forensics and malware protection against advanced cyber threats — told Business Insider that Masque attacks use a method called “URL Scheme Hijacking,” in which the hacker evades Apple’s mechanism that ensures a user trusts an app that’s being installed.
Once the app is installed, the user will most likely notice nothing different. The downloads occur without the user seeing them, so whether a user clicks the link accidentally or intentionally, there’s essentially no way of distinguishing the malware app from the real one once it’s installed. The app looks and behaves like the real thing, but the hackers secretly control it, monitoring all user activity.
The hackers will also have access to the communications used by legitimate apps once the malware is installed. They will then be able to steal information, such as login credentials.
Apparently, hackers discovered this vulnerability through stolen information from Hacking Team, the web security firm that got hacked in June. Mullis claims that FireEye has already detected several malicious versions of highly popular legitimate smartphone apps.
“Imagine a malicious version of a taxi application that always calls a driver who is working with the bad guys; an Instant Messenger app that automatically uploads private messages, photos and GPS locations to a remote server,” he said.
Mullis says the number of attacks is currently “small,” affecting an undisclosed number of victims. However, he predicts the attacks will continue to spread in the future, and may even be used by criminal gangs for financial gain.
As Masque attacks are a relatively new hacking technique, it’s hard to pinpoint the best methods of protection. FireEye recommends that iOS users always update their phones to the latest version of iOS and be wary of the links they click.