Unexpected guests


No chance victims


In the “Random victims” issue, we mentioned the cyber attack on the Federal News Agency. In that publication we highlighted the attackers' ability to target infrastructures in another country. Today, we'd like to draw your attention to a different aspect, namely, the tools that were employed by the attackers.

The infection spread from an ordinary iPhone 7 Plus belonging to an agency employee. A USB data cable was used to connect the device to a PC that had no Internet access. The gadget uploaded malicious files to the computer automatically and gave the attackers remote access to the PC.


Are there malicious programs for iOS?

Classified by Dr.Web as IPhoneOS.PWS.Stealer.1, this trojan stole Apple ID credentials from the devices it compromised. IPhoneOS.PWS.Stealer.2... can download and install other applications on the infected smartphones and tablets. The installed apps included those that the trojan would purchase in the App Store automatically at the expense of unsuspecting users.

IPhoneOS.Xsser.1 and IPhoneOS.Cloudatlas.1 could each steal such confidential information as the contents of the phone book, photos, passwords, SMS messages, the call history, and the device location.


Programs of this kind are very few in number, but their existence means an iPhone can:

  • Serve as a medium for transferring malware to other devices (like a flash drive);
  • Get compromised so that a targeted attack can be mounted.

If the article we cited at the beginning of this issue described actual events (we have no confirmation of that), then a targeted attack did take place and a specific mobile device was infected to penetrate an office network.


Dr.Web recommends

Criminals who go about designing such software for iOS will most likely make sure that it won't be detected by a corporate anti-virus using malware signatures. But this doesn't imply that anti-viruses are powerless against these threats. For example, Dr.Web Enterprise Security Suite can protect networks from such attacks. To accomplish this:

  • The Office Control must restrict employee access to specific files and folders.
  • Employee desktops and laptops should only be able to run trusted applications—to this end, you can use the application whitelist.

And, of course, users should not have the permissions to run applications whose files reside on their mobile devices or appear in their mailboxes.
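The default-deny logic behind these recommendations, sketched as an added example (it is not Dr.Web's code or configuration): a launch is allowed only if the file sits on fixed local storage, is not in a mail attachment cache, and its hash is on the allowlist. The drive letters, paths, hashes and function names are constructed assumptions.

```python
import hashlib
from pathlib import PureWindowsPath

# Assumption: the only fixed local drive on the sample workstation.
FIXED_DRIVES = {"C:"}
# Assumption: folder names where a mail client unpacks attachments.
MAIL_CACHE_MARKERS = ("content.outlook",)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed allowlist: hashes of binaries approved by the administrator.
TRUSTED_HASHES = {sha256_hex(b"approved-office-suite-build")}

def evaluate_launch(path: str, file_hash: str) -> tuple:
    """Return (verdict, reason) for one process-launch event."""
    p = PureWindowsPath(path)
    # Origin checks come first: even a trusted binary must not run from
    # a connected device or straight out of a mailbox.
    if p.drive.upper() not in FIXED_DRIVES:
        return "deny", "image is not on fixed local storage"
    parts = [part.lower() for part in p.parts]
    if any(marker in parts for marker in MAIL_CACHE_MARKERS):
        return "deny", "image launched from a mail attachment cache"
    # Default deny: no signature is needed to stop an unknown binary.
    if file_hash not in TRUSTED_HASHES:
        return "deny", "hash is not on the application allowlist"
    return "allow", "trusted application on fixed storage"

# Constructed launch events: (image path, SHA-256 of the image).
SAMPLE_EVENTS = [
    (r"C:\Program Files\Office\suite.exe",
     sha256_hex(b"approved-office-suite-build")),
    (r"E:\DCIM\update.exe", sha256_hex(b"unknown-1")),
    (r"C:\Users\a\AppData\Local\Microsoft\Windows\INetCache"
     r"\Content.Outlook\AB12\invoice.exe", sha256_hex(b"unknown-2")),
    (r"C:\Users\a\Desktop\copied_from_phone.exe", sha256_hex(b"unknown-3")),
]

def denied_events(events):
    """Return (path, reason) for every event the policy would block."""
    blocked = []
    for path, file_hash in events:
        verdict, reason = evaluate_launch(path, file_hash)
        if verdict == "deny":
            blocked.append((path, reason))
    return blocked

if __name__ == "__main__":
    for path, reason in denied_events(SAMPLE_EVENTS):
        print(f"BLOCKED {path}: {reason}")
```

The last sample event shows why the allowlist matters: a file copied from the phone to the local disk passes both origin checks and is stopped only because its hash is unknown.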
