
Topic: Russian hackers use XAgent malware to infect "government's" iPhones



  • SCF Administrator

Attackers, perhaps of Russian origin, are infecting the iPhones linked to government, defence and media sectors with dangerous spy malware capable of breaching non-jailbroken devices, researchers say.

The XAgent malware, part of attacks unveiled last year against Windows devices, has moved to iOS, targeting iOS 7 and, to much lesser effect, iOS 8.

About a quarter of Apple users still run iOS 7.

Trend Micro threat researchers Lambert Sun, Brooks Hong, and Feike Hacquebord said the malware could monitor and siphon media, directories and text messages to remote servers and capture photos and audio on jailbroken devices.

"The XAgent app is fully functional malware," the trio said in a research note:

"The exact methods of installing these malware is unknown; however, we do know that the iOS device doesn't have to be jailbroken ... we have seen one instance wherein a lure involving XAgent simply says 'tap here to install the application'."

That attack relied on Cupertino's ad hoc provisioning used by app developers to enable installation with a link.

Attacks against iOS 7 devices quietly restarted when closed and remained invisible to the user as a background process. It fared far worse on iOS 8 where it had to be manually started on reboot by victims and could not hide.

Researchers said the malware appeared to be carefully maintained and consistently updated.

XAgent was tied to a campaign dubbed Operation Pawn Storm, targeting anti-Russian actors linked to the Ukraine conflict, which used typosquatting and phishing to compromise high-profile victims.

The command and control server used in the attacks was in operation at the time of research.




  • SCF VIP Member
Nowhere to hide...