iOS users are now in danger of falling victim to a new kind of spyware that was first seen present on the Android platform.

The new iOS spyware, dubbed Exodus, was first spotted by researchers at the security firm Lookout. After about a year of being tracked, its secret existence on the iOS platform has finally been revealed.

According to an official Lookout Blog post, Exodus is best classified as a type of surveillanceware, one that can take an inordinate amount of personal data from a user's device without them ever knowing. It was once present only on the Android platform, with some of its versions being found in certain apps on the Google Play Store. Now, it appears that it has been ported to iOS. 

Exodus: A Direct Port From Android

Based on information shared by Lookout security researcher Adam Bauer, the iOS version of Exodus is directly linked to its Android counterpart. That is, both were likely made by the same group of people, as evidenced by the results of their Android sample analysis.

"Analysis of these Android samples led to the discovery of infrastructure that contained several samples of an iOS port," Bauer explained. "So far, this software (along with the Android version) has been made available through phishing sites that imitated Italian and Turkmenistani mobile carriers."

The culprit behind the existence of this spyware has been identified to be Connexxa, an Italian app maker known to provide certain kinds of tools for surveillance to Italian authorities.

Spyware Attack Similarities

The researchers also found that the iOS version of Exodus uploaded all the data that it had stolen from affected devices to the exact same server that the Android version used. Not only that, but it also used a similar protocol to function. As emphasized by ZDNet, it was even capable of rooting devices and granting full control to any would-be attackers.

The name of the game for spyware like Exodus is simply exfiltration. Once installed, it can steal a user's contacts, photos, audio recordings, and even location data without so much as a notification.
The good news is that the iOS version of Exodus is rather mild compared to the one on Android. It's described as rudimentary, and fortunately, only present in third-party phishing sites.

In any case, it has been reported to Apple and swiftly eradicated. It worked in secret by abusing the Apple Developer Enterprise program, which has now been fixed. As of this writing, there are no new instances of Exodus on any active iOS devices. Meanwhile, old installations will no longer pose any threats. Score one for vigilant mobile security research.

ⓒ 2021 All rights reserved. Do not reproduce without permission.