iOS and Android Devices Targeted by Xsser mRAT Trojan

I’m honestly just so tired of hearing about hackers; don’t they have anything better to do? Why not use their skills to do something good? They’re hurting innocent people who never did anything to them. It just makes no sense to me, but I guess it never will. State of the Internet is reporting that the Xsser mRAT Trojan virus is now targeting both iOS and Android devices, where the attacker can use your phone for various malicious purposes like DDoS and just stealing your info. It was originally just targeting Android, but now it’s moved on to iOS, but it’s only for those devices that are jailbroken.

Akamai Technologies, Inc., the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today released, through the company’s Prolexic Security Engineering & Research Team (PLXsert), a new cybersecurity threat advisory. The advisory alerts enterprises, governments and individuals to the Xsser mobile remote access Trojan (mRAT), which targets iOS and Android devices. The Xsser mRAT is spread through man-in-the-middle and phishing attacks and may involve cellphone tower eavesdropping for location-specific attacks. The advisory is available for download.

Jailbroken iOS devices at risk
Jailbreaking is the process of removing limitations and security checks in the iOS operating system in order to allow users to install applications from other application stores. In China, for example, 14 percent of the 60 million iOS devices are estimated to have been jailbroken, often to support the use of third-party Chinese character keyboard apps. Jailbroken phones are at greater risk for malware.

Mobile remote access Trojan: the Xsser mRAT
Formerly, Xsser mRAT targeted only Android devices, but a new variant infects jailbroken iOS devices. The app is installed via a rogue repository on Cydia, the most popular third-party application store for jailbroken iPhones. Once the malicious bundle has been installed and executed, it gains persistence – preventing the user from deleting it. The mRAT then makes server-side checks and proceeds to steal data from the user’s device and executes remote commands as directed by its command-and-control (C2) server.

“Infected phones with the remote access software installed could be used for a wide variety of malicious purposes including surveillance, the stealing of login credentials, launching distributed denial of service (DDoS) attacks, and more,” added Scholly. “With more than a billion smartphone users worldwide, this kind of malware creates significant risks to privacy and a risk of rampant illegal activity.”

The best protection is to prevent infection
It is difficult to detect whether a phone is under attack from malware such as Xsser mRAT, so a focus on prevention is necessary. Virtual private networks (VPN), two-factor authentication, peer-to-peer proximity networking and commercial phone security applications can provide some protection. Avoiding the use of free Wi-Fi hotspots and automatic connections, ignoring unexpected communications, not jailbreaking phones and not using apps from untrusted sources are some of the self-protection approaches discussed in the advisory.

Get the Man-in-the-Middle Attacks Target iOS and Android Threat Advisory to learn more
In the advisory, PLXsert shares its analysis and details, including:

  • Open source intelligence about attacks against mobile devices
  • How attackers access Android devices
  • How attackers access iOS devices
  • Man-in-the-middle GSM and CDMA vulnerabilities
  • Why jailbroken phones are at high risk
  • How Xsser mRAT ends up on mobile phones
  • The malicious use of the Cydia repository
  • Infection prevention tips

A complimentary copy of the threat advisory is available for download at www.stateoftheinternet.com/xsser.