Researchers at Google Project Zero discovered an attack against iOS users which is present in the form of a malware hidden in hacked websites.
The malware stealthily installs itself for the users surfing any of the hacked websites, which have a readership base of thousands.
Once the malware is installed, it makes the iPhone act as a clandestine spying device which traces the contacts, location and messages, allowing hackers to get an overview of the victim’s life and habits.
The malware extends the collection of data up to the popular third party apps such as Gmail, Whatsapp and Google Maps; it is configured to steal files and upload live location data of the owner.
The hub of white hat hackers, Google’s Project Zero Division, which excelled in discovering multiple bugs and vulnerabilities, said that these attacks are based in a series of hacked sites, that were said to be randomly disseminating malware to iOS users.
The particular series of attack stands out as most of the attacks are more targeted in scope, however these attacks affected people who happened to surf one of the hacked websites.
Explaining the issue, Ian Beer from Project Zero, says, “Real users make risk decisions based on the public perception of the security of these devices. The reality remains that security protections will never eliminate the risk of attack if you’re being targeted. To be targeted might mean simply being born in a certain geographic region or being part of a certain ethnic group.
“All that users can do is be conscious of the fact that mass exploitation still exists and behave accordingly; treating their mobile devices as both integral to their modern lives, yet also as devices which when compromised, can upload their every action into a database to potentially be used against them.”