CAMBRIDGE, Mass., Dec. 17, 2014 /PRNewswire/ -- Akamai
Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud
services for delivering, optimizing and securing online content and
business applications, today released, through the company's
Prolexic Security Engineering & Research Team (PLXsert), a new
cybersecurity threat advisory. The advisory alerts enterprises,
governments and individuals to the Xsser mobile remote access
Trojan (mRAT), which targets iOS and Android devices. The Xsser
mRAT is spread through man-in-the-middle and phishing attacks and
may involve cellphone tower eavesdropping for location-specific
attacks. The advisory is available for download from
www.stateoftheinternet.com/xsser.
"Sophisticated malicious actors are targeting unsuspecting
mobile device users," said Stuart
Scholly, senior vice president and general manager, Security
Business Unit, Akamai. "Attackers are impersonating or bypassing
Google and Apple app stores and using social engineering to trick
users into downloading unverified apps that install malicious
applications such as the Xsser remote access Trojan onto a user's
mobile device. For example, attackers offered a counterfeit Flappy
Birds app download to deliver the malicious software."
Jailbroken iOS devices at risk
Jailbreaking is the
process of removing limitations and security checks in the iOS
operating system in order to allow users to install applications
from other application stores. In China, for example, 14 percent of the 60
million iOS devices are estimated to have been jailbroken, often to
support the use of third-party Chinese character keyboard
apps. Jailbroken phones are at greater risk for malware.
Mobile remote access Trojan: the Xsser mRAT
Formerly,
Xsser mRAT targeted only Android devices, but a new variant infects
jailbroken iOS devices. The app is installed via a rogue repository
on Cydia, the most popular third-party application store for
jailbroken iPhones. Once the malicious bundle has been installed
and executed, it gains persistence – preventing the user from
deleting it. The mRAT then makes server-side checks and proceeds to
steal data from the user's device and execute remote commands as
directed by its command-and-control (C2) server.
"Infected phones with the remote access software installed could
be used for a wide variety of malicious purposes including
surveillance, the stealing of login credentials, launching
distributed denial of service (DDoS) attacks, and more," added
Scholly. "With more than a billion smartphone users worldwide, this
kind of malware creates significant risks to privacy and a risk of
rampant illegal activity."
The best protection is to prevent infection
It is
difficult to detect whether a phone is under attack from malware
such as Xsser mRAT, so a focus on prevention is necessary. Virtual
private networks (VPN), two-factor authentication, peer-to-peer
proximity networking and commercial phone security applications can
provide some protection. Avoiding the use of free Wi-Fi hotspots
and automatic connections, ignoring unexpected communications, not
jailbreaking phones and not using apps from untrusted sources are
some of the self-protection approaches discussed in the
advisory.
Get the Man-in-the-Middle Attacks Target iOS and Android Threat Advisory to learn more
In the advisory, PLXsert
shares its analysis and details, including:
- Open source intelligence about attacks against mobile devices
- How attackers access Android devices
- How attackers access iOS devices
- Man-in-the-middle GSM and CDMA vulnerabilities
- Why jailbroken phones are at high risk
- How Xsser mRAT ends up on mobile phones
- The malicious use of the Cydia repository
- Infection prevention tips
A complimentary copy of the threat advisory is available for
download at www.stateoftheinternet.com/xsser.
About Akamai
Akamai® is the leading provider of cloud services for
delivering, optimizing and securing online content and business
applications. At the core of the Company's solutions is the Akamai
Intelligent Platform™ providing extensive reach, coupled with
unmatched reliability, security, visibility and expertise. Akamai
removes the complexities of connecting the increasingly mobile
world, supporting 24/7 consumer demand, and enabling enterprises to
securely leverage the cloud. To learn more about how Akamai is
accelerating the pace of innovation in a hyperconnected world,
please visit www.akamai.com or blogs.akamai.com, and follow @Akamai
on Twitter.
Contacts:
Rob Morton, Media Relations, 617-444-3641, rmorton@akamai.com
Tom Barth, Investor Relations, 617-274-7130, tbarth@akamai.com
To view the original version on PR Newswire,
visit: http://www.prnewswire.com/news-releases/ios-and-android-os-targeted-by-man-in-the-middle-attacks-300010791.html
SOURCE Akamai Technologies, Inc.