Social engineering, fake App Stores, hit iOS, Sophos warns


I didn’t entirely mean to focus on Apple device security for most of this week (see here and here), but new Sophos research should interest any enterprise working to enhance security awareness.

Breaking bad

The research looks at 167 counterfeit apps used to scam iOS and Android users. Those that impact Apple’s mobile OS particularly stood out, as they show the increasing sophistication of malware authors.

Sophos found these sophisticated attacks combine a range of weaponry, from social engineering, counterfeit websites, fake iOS App Store pages, and even an iOS app-testing website to get these fake apps to victim’s devices.

Sophos warns the attacks may be operated by the same group and all the apps identified purport to be crypto, stock, and banking apps that steal from those using them. It is important to note that Sophos has shared details of these apps and they should now be picked up by malware detection apps.

What attack vectors were used?

What’s important for enterprise users to identify is what attack vectors were used to distribute these apps. Primarily, these are good examples of social engineering combined with sophisticated attempts at spoofing.

For example, researchers identified an instance in which an attacker found a victim in a dating app who they eventually manipulated into installing a fake app that then attempted to steal a person’s cryptocurrency details.

Copyright © 2021 IDG Communications, Inc.





Source link