© 2016-2018 by Zack Smith. All rights reserved.
How malware reaches your iOS device
Apps using infected libraries
Libraries downloaded as object code can have anything in them, including spyware and other malware. This is one reason why programmers' use of CocoaPods is a bad idea. Sure, CocoaPods saves some time and makes it easier to put new features into apps. But it is like downloading a PDF via BitTorrent. There is a chance of infecting innocent iPhone owners' phones.
Apps using insecure libraries
At one point recently, many iOS banking apps became vulnerable to MITM attacks because they used AFNetworking, whose default setting was/is to not check that the HTTPS server it connects to really is the one asked for.
The TIFF library has also been attacked; this can be done with a carefully crafted MMS message.
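For the AFNetworking case above, a team can audit its own code for settings that switch the server check off. The following is an added example, not code from the original page or from the AFNetworking project: a line-based Python heuristic that flags assignments to the `AFSecurityPolicy` properties `validatesDomainName` and `allowInvalidCertificates`. The sample sources and the file name `Client.m` are constructed for illustration.

```python
import re

# AFSecurityPolicy properties and the values that turn a TLS check off.
# Objective-C uses YES/NO, Swift uses true/false.
RISKY = {
    "validatesDomainName": ("no", "false"),       # hostname check disabled
    "allowInvalidCertificates": ("yes", "true"),  # certificate validation disabled
}
# Matches `x.prop = NO`, `[x setProp:NO]` and Swift `prop: false`.
ASSIGN = re.compile(
    r"\b(?:set)?(validatesDomainName|allowInvalidCertificates)"
    r"\s*[:=]\s*(YES|NO|true|false)\b", re.IGNORECASE)

def audit_source(text, filename="<memory>"):
    """Return (filename, line_no, property, value) for each risky setting."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        # Drop // comments, but keep the "//" that is part of a URL scheme.
        code = re.split(r"(?<!:)//", line, maxsplit=1)[0]
        for m in ASSIGN.finditer(code):
            prop = next(p for p in RISKY if p.lower() == m.group(1).lower())
            if m.group(2).lower() in RISKY[prop]:
                findings.append((filename, no, prop, m.group(2)))
    return findings

# Constructed sample: an Objective-C client that disables both checks.
SAMPLE_OBJC = '''\
AFSecurityPolicy *policy = [AFSecurityPolicy defaultPolicy];
policy.allowInvalidCertificates = YES;   // "temporary" for the test server
[policy setValidatesDomainName:NO];
// policy.validatesDomainName = NO;  (commented out, ignored)
manager.securityPolicy = policy;
'''
# Constructed sample: a Swift client that keeps both checks on.
SAMPLE_SWIFT = '''\
let policy = AFSecurityPolicy(pinningMode: .certificate)
policy.validatesDomainName = true
policy.allowInvalidCertificates = false
'''

if __name__ == "__main__":
    for f, no, prop, val in audit_source(SAMPLE_OBJC, "Client.m"):
        print(f"{f}:{no}: {prop} set to {val}")
```

A clean result only means no explicit override was found; whether the library's defaults validate the host name still depends on the version the app links against.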
Programmers using infected copies of Xcode
XcodeGhost is malware that is injected into apps by an infected copy of Xcode. This mainly affected programming that was outsourced to China, like Angry Birds 2. Chinese programmers didn't want to wait for Xcode to download from Apple's server, so they downloaded infected copies from Chinese servers.
Companies' savings (outsourcing) + users' risk = unethical.
Exploits based on installation of enterprise apps
Palo Alto Networks found malware, which it dubbed YiSpecter, that does just this.
Malware getting loaded via a secondary app store
ZergHelper appeared to Apple's app reviewers in California to be an English tutoring app. However, whenever the app was run in China, it provided a secondary app store to run pirated iOS apps, which were signed with certificates not originating from Apple but accepted by iOS anyway.
Infection by malware on your Windows PC via USB
Palo Alto Networks discovered AceDeceiver, which does exactly this.
Infection by malware on your Mac via USB
Palo Alto Networks discovered WireLurker, which does exactly this.
- Palo Alto Networks announcement
- WireLurker: New Apple malware can infect your Mac and iPhone via USB
- Engadget article
Drive-by exploits (you visit an infected website)
This has been known to affect iOS. Wikipedia article