Get Data

This threat was discovered back in July 2014, when installing an app using �enterprise/ad-hock� provisioning that it could replace a genuine app on your iOS device if it had the same �bundle identifier�. This app could display the title it wanted during the installation process but once on the device, this malware could then replace any user-installed app, but not the pre-installed ones from Appple.

FireEye says that it informed Apple about this back on the 26th of July, but since then, the team of researchers have verified that this vulnerability still exists in iOS 7.1.1, 7.1.2, 8.0, 8.1, and the new iOS 8.1.1 beta. The vulnerability and threat remains for both jailbroken and non-jailbroken devices as Masque Attack works through wireless networks as well as USB connections.

The previous threat that we saw, WireLurker which infected iOS devices through Macs using USB, was also using Masque Attacks ghosting in limited form. Apple responded to WireLurker after news of it spread and FireEye believes that the threat from Masque Attack is far greater than WireLurker could ever have posed. They have said that the malware can replace authentic apps such as banking ones and replace them with ones from the attacker. Such apps can even sport the same UI as well ensuring that the attacker is able to collect all your personal details.

Another surprising fact is that this malware can even access the original apps local data which wasnt removed when the original app was replaced. This data may contain cached emails, or login-tokens, which the malware can then use to log into the users account directly. FireEye has also taken note of the security consequences that Masque Attack can have on infected iOS devices. While these details are too technical in nature, it does paint a picture of the seriousness of this issue and how easy it is for Masque Attack to steal personal information, including financial details from any infected iOS device.