Current iOS Malware
Here is the full list of iOS malware families. We will try to keep this table up to date. The data in this table is based on one sample of each family.
This malware redirects the revenue from advertisements viewed on the infected device to the malware author, causing no direct harm to the end user.
This family is also known from the Android platform. It sends personal information (address book) to a remote server.
This malware family was the first worm for iOS devices. It exploited the fact that many users of jailbroken devices had not changed the default root password of the SSH daemon. The worm scans the network for vulnerable iOS devices and, if one is found, spreads to it, changes its root password, changes the background image, communicates with a remote server and steals the victim’s SMS database.
This malware implements a keylogger which stores its data locally and is also able to send it to the malware author via email.
This malware steals Apple push notification service certificates and private keys, App Store purchasing information, Apple IDs and passwords, and disables local and remote unlocking functionalities on iOS devices.
This is adware that displays jokes and a large number of ads on the splash screen. Additionally, if the user touches the splash screen, it tries to dial premium-rate phone numbers.
This malware family allows an attacker to eavesdrop on the infected iOS device: all incoming and outgoing calls, SMS, URLs and GPS position are logged to a remote server.
This malware family tries to trick the user into installing paid apps or paying for a subscription.
This malware uploads the phone’s contact list, photos, current GPS location and audio records to a remote server.
This malware eavesdrops on the microphone and speaker audio streams and stores the recordings on the device for later exfiltration, either by another piece of malware or through physical access.
This malware family is a commercial spyware that is also known from Android. Among other things, it can send call logs, stored SMS messages and contacts to the operator and record video and audio.
This malware was a proof of concept (PoC) demonstrating that the following sensitive data can be gathered from an iOS device using only standard SDK methods: information about email accounts; GPS location; phone identifiers; recent Safari searches and recently called contacts; videos and pictures; and more.
This malware family forwards every received or sent SMS message from the infected iOS device to a remote server.
Unflod Baby Panda: This malware listens to outgoing SSL connections. From these connections it tries to steal the device’s Apple ID and the corresponding password and sends them to a remote server.
This malware can download, install and launch arbitrary apps, replace existing apps, display ads, change Safari’s default search engine, bookmarks and opened pages, and upload device information to a remote server.
(last update 2nd of January 2016)
Properties recorded for each family in the table:
- Functionality of a botnet
- Downloaded through Apple iTunes
- Steals location information
- Information stealing to a remote server
- Banking Trojan able to intercept and modify banking authentication codes (mTAN messages)
- Performing premium-rate phone calls
- Recording audio or phone calls