We’re used to seeing malware pop up on Android devices from time to time, but it’s rare that iPhones fall victim to the same type of malicious software, owing to Apple’s far more stringent rules around iOS (operating system) development. However, a new type of malware has been spotted on both Android and Apple devices, and it is one of the most dangerous yet.
Named ‘Exodus’, the malware has some truly frightening tactics that have previously allowed the software to harvest phone numbers, passwords, message histories, contact information, and even audio and video recordings. What’s more, some of this data could be transferred to external servers. Here’s what you need to know.
How could this be allowed to happen?
Android OS runs on billions of devices around the world, and both Google, which owns the Android operating system, and Apple have strict security checks in place for those who develop phone software for the respective app stores. With such huge companies at the helm, you may be left wondering how this kind of malware could even come close to reaching users’ devices.
Well, the Exodus malware in particular was the product of a specific type of software development aimed at military, government and law enforcement use. Once a little-known practice, this area of development produces applications that are used for surveillance purposes.
Attackers were able to sneak the Android version of the software past Google’s security processes, hiding it in plain sight on the Google Play Store. However, they either failed or never tried to do the same on the Apple App Store. Instead, they abused the Developer Enterprise Programme, which allows companies to release their software en masse in-house, without the same level of security checks. For a fee of $300, developers can obtain such a license and more easily spread their software – be it good or bad.
What’s more, this was not a basic, throwaway application that was hacked together by sloppy cyber-criminals. The security research organisation ‘Lookout’ discovered evidence that the application has been under development or operating for around half a decade in some form.
Exodus affects Android and iOS
In both cases, the developers of the Exodus software disguised the malware as legitimate carrier applications, even going as far as to set up fake phishing websites to direct users towards downloading the apps. Once on your device, the behaviour differed slightly depending on whether you were using an Apple or Android device.
With Android devices offering greater freedom to developers, this operating system was at greater risk from the malicious app. The application would operate in 3 stages. Firstly, it would secure a foothold on your device. Secondly, it would download and initiate all the surveillance tools that were built in. Finally, the third stage involved the application gaining root access to your device.
Root access on an Android device is something that allows a person or a piece of software to execute admin-level functions and other tasks that are normally locked down to anybody but a software developer. Through this method, the app could perform its most sinister data-harvesting activities.
On an iPhone, the application had to rely on users accepting the various permissions that the app tried to establish when run for the first time, but some unsuspecting and trusting users could easily accept them blindly without realising that there were nefarious intentions.
Are you at risk?
The biggest risk, which was having the Exodus malware establish root access to your Android device, is no longer a problem. Google patched the exploit that made this possible in 2016, so any device newer than this, or one that has been updated recently, will be safe.
And as it happens, as an iOS user you’ll be safe, too, providing you’ve updated your phone to the latest version of the operating system. As the security firm ‘Lookout’ already warned Apple about the issues, a fix has since been released and made available. And when it comes to Google’s operating system, the company has already removed around 25 offending applications from the Google Play Store.
In other words, there should be little risk to you providing you keep your mobile software up to date, something that we recommend doing on a regular basis. This isn’t just limited to phones either; keeping all your devices up to date with the most recent software and security patches means you’re well-protected against the latest threats.