IOS_XAGENT.A
Information Stealer
iOS
Threat Type: Backdoor
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
Downloaded from the Internet
This iOS malware is related to the SEDNIT malware family. It is specifically designed for espionage on iOS devices. It steasl personal data, records audio, takes screenshots of the affected iOS device, and sends information to a remote command and control server. Users affected by this malware may find themselves at risk for identity theft and identity fraud.
To get a one-glance comprehensive view of the behavior of this Backdoor, refer to the Threat Diagram shown below.
This backdoor may be unknowingly downloaded by a user while visiting malicious websites.
It sends stolen data to certain websites.
TECHNICAL DETAILS
287,536 bytes
Mach-O
ZIP
Yes
30 Jan 2015
Steals information, Connects to URLs/IPs
Arrival Details
This backdoor may be unknowingly downloaded by a user while visiting malicious websites.
Mobile Malware Routine
Stolen data are sent to the following remote website(s):
- http://{BLOCKED}.{BLOCKED}.64.218/
It also steals the following information from the affected device:
- SMS messages
- Contacts
- Photos
- Geo-location data
- Recording voice
- List of installed Apps
- Process list
- WIFI status
SOLUTION
9.700
Trend Micro Mobile Security Solution
Trend Micro Mobile Security Personal Edition protects Android and iOS smartphones and tablets from malicious and Trojanized applications. It blocks access to malicious websites, increase device performance, and protects your mobile data. You may download the Trend Micro Mobile Security apps from the following sites:
NOTES:
This malware may not be easily seen in devices running on iOS 7 or earlier. We recommend installing a reliable third party app viewer to find and uninstall it from the apps list.
In iOS 8, the app is listed in the list of apps installed and may be removed directly from the list.
Did this description help? Tell us how we did.