Social engineering, fake App Stores, hit iOS, Sophos warns


I didn’t entirely mean to focus on Apple device security for most of this week (see here and here), but new Sophos research should interest any enterprise working to enhance security awareness.

Breaking bad

The research looks at 167 counterfeit apps used to scam iOS and Android users. Those that impact Apple’s mobile OS particularly stood out, as they show the increasing sophistication of malware authors.

Sophos found these sophisticated attacks combine a range of weaponry, including social engineering, counterfeit websites, fake iOS App Store pages, and even an iOS app-testing website, to get these fake apps onto victims’ devices.

Sophos warns the attacks may be operated by the same group, and all the apps identified purport to be crypto, stock, and banking apps that steal from those using them. It is important to note that Sophos has shared details of these apps and they should now be picked up by malware detection apps.

What attack vectors were used?

What’s important for enterprise users to identify is what attack vectors were used to distribute these apps. Primarily, these are good examples of social engineering combined with sophisticated attempts at spoofing.

For example, researchers identified an instance in which an attacker found a victim on a dating app, whom they eventually manipulated into installing a fake app that then attempted to steal that person’s cryptocurrency details.

The attacks also used spoof websites that appear to be legitimate sites for known brands, and made use of ad hoc app distribution and quite convincing App Store download pages, complete with fake customer reviews.

Humanity is vulnerable

What makes these convincing exploits dangerous is the constructed authenticity. It means people, including your employees, can easily fall prey to them. Once again, these attempts focus on the weakest link in any security chain – the humans using the equipment.

Copyright © 2021 IDG Communications, Inc.
