Hyper-targeted attack against 13 iPhones dropped malicious apps via MDM
In what appears to be a case of highly focused social engineering against a small group of iPhone users, malicious actors managed to get 13 iPhones registered on their rogue mobile device management (MDM) servers and then pushed out applications that allowed the hackers to track the locations of the phones and read victims' SMS messages.
The attacks, reported by Cisco's Talos, used the "BOptions" sideloading technique to modify versions of legitimate applications, including WhatsApp and Telegram. The initiative inserted additional libraries into the application packages, and the modified applications were then deployed to the 13 victim iPhones via the rogue mobile device management systems.
"The malicious code inserted into these apps is capable of collecting and exfiltrating information from the device, such as the phone number, serial number, location, contacts, user's photos, SMS, and Telegram and WhatsApp chat messages," wrote Talos researchers Warren Mercer, Paul Rascagneres, and Andrew Williams in a post on the attack. "Such information can be used to manipulate a victim or even use it for blackmail or bribery."