Current iOS Malware

Here is the full list of iOS malware families. We will try to keep this table up to date. The data in this table is based on one sample of each family.

Capabilities were indicated by icons in the original table; the legend for those icons is given below the table.

| Family | Description | Jailbroken / Stock |
| --- | --- | --- |
| AdThief/Spad | This malware redirects the revenue from advertisements viewed on the infected device to the malware author, thereby causing no harm to the end user. | Jailbroken |
| FindCall | This family is also known from the Android platform. It sends personal information (the address book) to a remote server. | Stock |
| Ikee/Eeki | This malware family was the first worm for iOS devices. It made use of the fact that many users of jailbroken devices had not changed the root password of the SSH daemon. The worm scans the network for vulnerable iOS devices; when it finds one, it spreads to that device, changes its root password, changes the background image, communicates with a remote server and steals the victim's SMS database. | Jailbroken |
| iKeyGuard | This malware implements a keylogger that stores its data locally and can also send it to the malware author via email. | Jailbroken |
| KeyRaider | This malware steals Apple push notification service certificates and private keys, App Store purchasing information, and Apple IDs and passwords, and disables local and remote unlocking functionality on iOS devices. | Jailbroken |
| LBTM | This is adware that displays jokes and a large number of ads on the splash screen. Additionally, if the user touches the splash screen, it tries to dial premium-rate phone numbers. | Stock |
| MobileSpy/RetinaX/BopSmiley | This malware family allows an attacker to eavesdrop on the infected iOS device: all incoming and outgoing calls, SMS messages, URLs and GPS positions are logged to a remote server. | Jailbroken |
| Oneclickfraud | This malware family tries to trick the user into installing paid apps or paying for a subscription. | Stock |
| PawnStorm.A | This malware uploads the phone's contact list, photos, current GPS location and audio recordings to a remote server. | Stock |
| PawnStorm.B | This malware eavesdrops on microphone and speaker audio streams and stores them on the device for later exfiltration through another piece of malware or physical access. | Jailbroken |
| Riskware/Killmob | This malware family is commercial spyware that is also known from Android. It can send call logs as well as stored SMS messages and contacts, record video and audio, and more. | Jailbroken |
| Toires | This malware was a proof of concept (PoC) demonstrating that the following sensitive data can be gathered from an iOS device using standard SDK methods: information about email accounts, GPS location, phone identifiers, recent Safari searches and called contacts, videos and pictures, and more. | Stock |
| Trapsms | This malware family forwards every SMS message received or sent by the infected iOS device to a remote server. | Jailbroken |
| Unflod Baby Panda | This malware monitors outgoing SSL connections. From these connections it tries to steal the device's Apple ID and the corresponding password and sends them to a remote server. | Jailbroken |
| YiSpecter | This malware can download, install and launch arbitrary apps, replace existing apps, display ads, change Safari's default search engine, bookmarks and open pages, and upload device information to a remote server. | Stock / Jailbroken |

(last update 2nd of January 2016)

Capability icon legend:

- Functionality of a botnet
- Downloaded through Apple iTunes
- Steals location information
- Information stealing to a remote server
- Unwanted application
- Banking Trojan that is able to intercept and modify banking authentication codes (mTAN messages)
- Performing premium-rate phone calls
- Recording audio or phone calls