A cyber alert from cloud services provider Akamai Technologies, through its Prolexic Security & Research Team, warns of the threat to users of iOS and Android devices from man-in-the-middle attacks.
According to Akamai, the Xsser mRAT is spread through man-in-the-middle and phishing attacks and may involve cellphone tower eavesdropping for location-specific attacks.
"Sophisticated malicious actors are targeting unsuspecting mobile device users," said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai.
Formerly, Xsser mRAT targeted only Android devices, but Akamai says that a new variant infects jailbroken iOS devices, with the app installed via a rogue repository on Cydia, the most popular third-party application store for jailbroken iPhones.
Scholly says that once the malicious bundle has been installed and executed, it gains persistence – preventing the user from deleting it. The mRAT then makes server-side checks and proceeds to steal data from the user's device and execute remote commands as directed by its command-and-control (C2) server.
"Infected phones with the remote access software installed could be used for a wide variety of malicious purposes including surveillance, the stealing of login credentials, launching distributed denial of service (DDoS) attacks, and more.
"With more than a billion smartphone users worldwide, this kind of malware creates significant risks to privacy and a risk of rampant illegal activity."
Scholly describes jailbreaking as the process of removing limitations and security checks in the iOS operating system in order to allow users to install applications from other application stores. He says that in China, for example, 14% of the 60 million iOS devices are estimated to have been jailbroken, often to support the use of third-party Chinese character keyboard apps.
“Jailbroken phones are at greater risk for malware,” Scholly warns.
Scholly says the best protection for users is to prevent infection, although he says that it is difficult to detect whether a phone is under attack from malware such as Xsser mRAT, “so a focus on prevention is necessary.”
“Virtual private networks (VPN), two-factor authentication, peer-to-peer proximity networking and commercial phone security applications can provide some protection. Avoiding the use of free Wi-Fi hotspots and automatic connections, ignoring unexpected communications, not jailbreaking phones and not using apps from untrusted sources are some of the self-protection approaches,” Scholly says.
A complimentary copy of the threat advisory issued by Akamai is available for download.