13 iPhones Users targeted by attackers using MDM Malware!

A Campaign active since August 2015 which had been using MDM Protocol to spy on 13 iPhone users in India was recently uncovered by security researchers. The attackers who were posing to be Russians were most probably operating from India.
MDM or Mobile Device Management Protocol is security software which is utilized by large companies or enterprises to monitor and control policies on the devices used by the members of the workforce. The MDM protocol was being used to dispatch and regulate new applications via remote access.
The MDM protocol is connected with the Apple Push notification service (APNS) to manage the connected device by sending a wake-up alert on the device. Once the device is linked, it connects to a pre determined web service that can be used for giving out commands or installing apps and services on the targeted device.
MDM malware app installation certificate
The security researchers were unable to find out how the cyber attackers succeeded in installing the MDM Malware into the 13 iPhones. It is because the enrollment process of the MDM protocol can be done only through user interaction. Other then tricking the users into installing the malicious MDM Protocol into their devices the researchers have still been unable to understand how the devices were infected.
MDM protocol can be delivered on the device using email attachments or over-the-air enrollment service using Apple configurator.
This service is used by companies to control the devices, install/uninstall apps, lock the device, change passwords, revoke/install certificates. All this can be done through remote access.

Comments

Post a Comment

Popular posts from this blog

How to Remove Search.newtabtvsearch.com or NewTabTV Redirect?

Image
Search.newtabtvsearch.com is a nasty browser hijacker that hijacks your browser to alter its homepage and new tab functionality. Besides that, it displays constant banners, pop-ups and annoying ads to diminish your overall browsing experience. What is Search.newtabtvsearch.com Redirect? Search.newtabtvsearch.com or Newtab-TV Redirect is a browser hijacker presented in the form of suspicious search engine. This search engine has been developed by Imali Media Ltd. and the company claims that the application let the users watch television, news and their favorite shows on their PC. It will replace the page you see when opening a new tab as given in the image below: Upon installation, Search.newtabtvsearch.com will present its search results to the user through http://search.yahoo.com. Browser extensions like Newtab-TV get installed as a result of software bundling along with free software or applications which the user download off the internet. Threat Summary   ...
Read more

How to remove Speedtest-guide.com redirect from your system

Image
Guide to Remove Speedtest-guide.com redirect Speedtest-guide.com redirect is a nasty browser hijacker that changes the default browser settings such as home-page, search engine & new tab functionality. In addition to that, it displays annoying ads & causes infuriating redirects to dubious sites, thus deteriorating the web-browsing experience. This rogue browser redirector claims to be a free tool that can be used to test Internet speed & customize the web search. It also enables the users to keep a track of the previous tests & access speed boosting tips. While Speedtest-guide.com appears to be a useful & legit application, the users have reported of its questionable behavior. Firstly, to operate on a system, it requires modifying the browser settings without user’s permission. It does so to promote a fake search engine - Speedtest-guide.com. It causes unnecessary browser redirects & possesses the capability of tracking down user’s online ...
Read more

Tampermonkey Chrome Extension Blacklisted by the popular Web Browser Opera

Image
Chrome Web Store is facing an uphill battle from the last few years for hosting malevolent add-ons that claim to enhance your web browser capabilities. Tampermonkey, the widely used free browser extension known to manage user scripts & offer valuable features to improve user’s browsing experience has been declared malicious by the infamous Opera web Browser. So if you have installed  Tampermonkey 4.7.54  extension from Chrome web Store in Opera Browser & using it, you will be alerted by the warning: Opera has blacklisted one of your extensions, and we’ve blocked it for your safety. Go to the extensions manager for more details The popular user script manager extension, Tampermonkey has over 10 million users & is available for all the popular browsers including Chrome, Safari, Opera, Firefox & Microsoft Edge. The distinctive attributes offered by the extension include: Clear Overview over the running scripts. ZIP- based import & export A built-in e...
Read more