zsmith.co

iOS Malware Overview

Revision 3
© 2016-2018 by Zack Smith. All rights reserved.

How malware reaches your iOS device

Apps using infected libraries

Libraries distributed as prebuilt object code cannot be inspected by the programmer who links them, so they can contain anything, including spyware and other malware. This is one reason why programmers' use of CocoaPods is a bad idea. Sure, CocoaPods saves some time and makes it easier to put new features into apps. But it is like downloading a PDF via BitTorrent: there is a chance of infecting innocent iPhone owners' phones.

Programmers' convenience that increases users' risk is unethical.

Apps using insecure libraries

At one point recently, many iOS banking apps became vulnerable to MITM attacks because they used AFNetworking, whose default setting was (and may still be) to not verify that the HTTPS server it connects to really is the one that was asked for.
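
As an added illustration (not code from the article, nor from AFNetworking's own documentation), this is how an app would configure AFNetworking's security policy so that hostname validation and certificate pinning are enforced explicitly rather than left to library defaults; the AFNetworking 3.x API, the bundled certificate name api-server.cer and the host api.example.com are assumptions.

```objc
// Added example, not part of the original article. Assumes AFNetworking 3.x
// and a pinned server certificate "api-server.cer" bundled with the app;
// the certificate name and host are illustrative placeholders.
#import <AFNetworking/AFNetworking.h>

static AFHTTPSessionManager *MakeHardenedManager(void) {
    // Weak pattern to avoid: relying on the library default, or explicitly
    // setting validatesDomainName = NO / allowInvalidCertificates = YES,
    // which lets a certificate issued for some other host pass the check.

    // Load the certificate the app expects the real server to present.
    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"api-server"
                                                         ofType:@"cer"];
    NSData *certData = [NSData dataWithContentsOfFile:certPath];
    NSSet<NSData *> *pinned = [NSSet setWithObject:certData];

    AFSecurityPolicy *policy =
        [AFSecurityPolicy policyWithPinningMode:AFSSLPinningModeCertificate
                         withPinnedCertificates:pinned];
    policy.validatesDomainName = YES;      // the check the article says is skipped by default
    policy.allowInvalidCertificates = NO;  // never accept untrusted chains, even in debug builds

    AFHTTPSessionManager *manager = [[AFHTTPSessionManager alloc]
        initWithBaseURL:[NSURL URLWithString:@"https://api.example.com"]];
    manager.securityPolicy = policy;
    return manager;
}
```

A quick check for this configuration is to point the app at a test server that presents a valid certificate issued for a different hostname: the request must fail.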

The TIFF image library has also been exploited; the attack can be delivered in a carefully crafted MMS message.

Fortune: Apple Security Bug Lets Hackers Nab Your Mac and iPhone Passwords With 1 Text.

Programmers using infected copies of Xcode

XcodeGhost is malware that is injected into apps by an infected copy of Xcode. This mainly affected development that was outsourced to China, such as Angry Birds 2. Chinese programmers didn't want to wait for Xcode to download from Apple's server, so they downloaded infected copies from Chinese servers instead.

9to5 article

Companies' savings (outsourcing) + users' risk = unethical.

Exploits based on installation of enterprise apps

Palo Alto Networks found malware, which it dubbed YiSpecter, that spreads in exactly this way.

YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs

Malware getting loaded via a secondary app store

ZergHelper appeared to Apple's app reviewers in California to be an English tutoring app. However, whenever the app was run in China, it provided a secondary app store for running pirated iOS apps, which were signed with certificates not originating from Apple but accepted by iOS anyway.

Pirated iOS App Store's Client Successfully Evaded Apple iOS Code Review

Infection by malware on your Windows PC via USB

Palo Alto Networks discovered AceDeceiver, which does exactly this.

Trojan Exploits Apple DRM Flaw, Plants Malware On Non-Jailbroken iOS Devices

Infection by malware on your Mac via USB

Palo Alto Networks discovered WireLurker, which does exactly this.

Drive-by exploits (you visit an infected website)

This has been known to affect iOS. Wikipedia article

Other links

DFU Mode