MDM Malware
News | 07/16/2018

13 iPhones Users targeted by attackers using MDM Malware!



A campaign active since August 2015 that used the MDM protocol to spy on 13 iPhone users in India was recently uncovered by security researchers. Although the attackers posed as Russians, they were most probably operating from India.

MDM (Mobile Device Management) is the management framework built into iOS that large companies and enterprises use to monitor their employees' devices and enforce policy on them. In this campaign the attackers abused the same MDM protocol to push and control new applications on the victims' phones remotely.

The MDM protocol relies on the Apple Push Notification service (APNs): the MDM server sends a push notification that wakes the managed device, and the device then checks in with a predetermined web service (the MDM server) to receive commands, which can include installing apps and services on the targeted device.

[Figure: MDM malware app installation certificate]

The security researchers were unable to find out how the attackers got the malicious MDM enrollment onto the 13 iPhones, because MDM enrollment cannot happen silently: the user has to install the enrollment profile and accept the MDM certificate on the device. Short of the users being tricked into enrolling their own devices, the researchers still have no explanation for how the phones were infected.

An MDM enrollment profile can be delivered to a device as an email attachment, through an over-the-air enrollment service, or with Apple Configurator.

Companies use this service to control their devices remotely: install and uninstall apps, lock the device, change passwords, and install or revoke certificates.
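Because enrollment hinges on the user accepting a profile, the practical check is to look inside an enrollment profile before trusting it: which MDM server it points at, which APNs topic it uses, and what rights it grants the server. The following is an added example (not code from the article or from the researchers' report) that parses a .mobileconfig file with Python's plistlib, decodes the com.apple.mdm AccessRights bitmask and flags a profile whose server is not on an allowlist. The sample profile, its host names and identifiers are constructed for this example; the AccessRights bit meanings are quoted from Apple's Configuration Profile Reference as recalled by the author of this example and should be checked against the current reference.

```python
"""Inspect an iOS MDM enrollment profile (.mobileconfig) before trusting it.

Added example, not code from the original article or from the researchers'
report. A profile that has been CMS-signed is a DER blob, not XML; unwrap
it (e.g. with `openssl smime -verify -noverify -inform der`) before passing
it here.
"""
import plistlib
from urllib.parse import urlparse

# AccessRights bits of the com.apple.mdm payload, as documented in Apple's
# Configuration Profile Reference (recalled by the example's author; verify
# against the current reference before relying on them).
ACCESS_RIGHTS = {
    1: "inspect configuration profiles",
    2: "install/remove configuration profiles",
    4: "device lock and passcode removal",
    8: "device erase",
    16: "query device information",
    32: "query network information",
    64: "inspect provisioning profiles",
    128: "install/remove provisioning profiles",
    256: "inspect installed applications",
    512: "restriction-related queries",
    1024: "security-related queries",
    2048: "manipulate settings",
    4096: "app management (install/remove apps)",
}

# Constructed sample: an enrollment profile that hands full rights (8191 =
# all 13 bits) to an MDM server at a made-up host name.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadDisplayName</key><string>Company Device Management</string>
  <key>PayloadIdentifier</key><string>com.example.enroll</string>
  <key>PayloadUUID</key><string>00000000-0000-4000-8000-000000000001</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>PayloadIdentifier</key><string>com.example.enroll.mdm</string>
      <key>PayloadUUID</key><string>00000000-0000-4000-8000-000000000002</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>IdentityCertificateUUID</key><string>00000000-0000-4000-8000-000000000003</string>
      <key>Topic</key><string>com.apple.mgmt.External.00000000-0000-4000-8000-000000000004</string>
      <key>ServerURL</key><string>https://mdm.example.net/mdm</string>
      <key>CheckInURL</key><string>https://mdm.example.net/checkin</string>
      <key>AccessRights</key><integer>8191</integer>
    </dict>
  </array>
</dict>
</plist>
"""


def decode_access_rights(mask):
    """Return the human-readable rights enabled in an AccessRights bitmask."""
    return [name for bit, name in sorted(ACCESS_RIGHTS.items()) if mask & bit]


def inspect_profile(profile_bytes, trusted_hosts):
    """Summarise every com.apple.mdm payload in a profile.

    trusted_hosts: set of MDM server host names the organisation actually
    operates. Anything else is an enrollment into a server you do not control.
    """
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.mdm":
            continue
        server_host = urlparse(payload.get("ServerURL", "")).hostname or ""
        checkin_host = urlparse(payload.get("CheckInURL", "")).hostname or server_host
        rights = decode_access_rights(int(payload.get("AccessRights", 0)))
        findings.append({
            "server_host": server_host,
            "checkin_host": checkin_host,
            "topic": payload.get("Topic", ""),
            "rights": rights,
            "trusted": server_host in trusted_hosts and checkin_host in trusted_hosts,
            # The right that let the campaign above push modified apps.
            "can_install_apps": ACCESS_RIGHTS[4096] in rights,
        })
    return findings


if __name__ == "__main__":
    for finding in inspect_profile(SAMPLE_PROFILE, {"mdm.corp.example.com"}):
        status = "trusted" if finding["trusted"] else "UNTRUSTED"
        print(f"{status} MDM server {finding['server_host']} "
              f"(topic {finding['topic']}), {len(finding['rights'])} rights granted")
        for right in finding["rights"]:
            print("  -", right)
```

Run it against a profile received by email and compare the server host with the MDM servers your organisation runs; an enrollment profile that grants app management to an unfamiliar host is exactly what the victims in this campaign would have accepted.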

The attackers used their malicious MDM server to remotely install fake or modified versions of genuine apps. These apps were designed to secretly spy on the users and steal their private information: they had access to the user's location, photos, videos, files and contacts, and even private messages from chat applications were transmitted to the attackers.

The attackers used the BOptions sideloading technique to add a dynamic library to chat and messaging apps such as Telegram and WhatsApp. The injected library can request additional permissions, steal data and execute malicious code while the app itself continues to work as the user expects. The features the attackers added to these apps were used to spy on the 13 users, sending contacts, messages, locations and images from the device to the attackers' remote servers.

The campaign went unnoticed for so long because so few devices were affected, which let the attacker(s) stay hidden for three years. After the researchers reported the attack, Apple revoked the certificates the attackers had used on the affected devices.
