Research company Lacoon Mobile Security has identified a malicious application Xsser mRAT, aimed at users of the iPhone and the iPad. Trojan sends SMS-messages, contacts from the address book, geographical coordinates, accounts Apple ID, passwords and other information from mobile devices subjected to the procedure of jailbreak.
Currently Xsser mRAT became widespread in China. Experts point out that in this way the Chinese government carries out a massive cyber attack. In favor of the assumption Lacoon evidenced by the fact that the attack takes place exclusively at the Hong Kong protesters, and it carries a large organization, understanding the Chinese language.
Xsser mRAT represents a major threat for jailbroken devices. IPhone and iPad users infect their devices by clicking on the links that spread in social networks. Trojan launches a special service launchd, which provides the ability to automatically download malware.
On command from the management server Xsser mRAT transmits personal data of the owner of the device. Trojan creators can get a wide range of information, including the model of the gadget, the version of the operating system, MAC-address, phone number, IMSI and IMEI. In the hands of hackers to get as postal and short messages, photos, passwords from the Keychain, call logs, etc.
According to experts, this is the most perfect iOS-Trojan among those who had previously been found. Although it is currently only used for the implementation of the attacks against the Hong Kong protesters, in the near future there may be hackers who will use the malware to other, much more dangerous purposes.
As reported in the blog Lacoon, Xsser mRAT associated with the malware similar for devices running Android. To remove Trojan requires reinstallation of the operating system or a hard reset to factory settings.