A new malware vulnerability called as “Masque attack” is targeting iOS devices, as per a security firm FireEye. Masque Attack allows malicious parties to install duplicate versions of third-party apps on your iPhone or iPad, replacing your original app with theirs, which can access and monitor your data.
Masque Attack lures users to install an app outside of the iOS App Store, by clicking a phishing link in a text message or email. For example, in a demo video, an SMS message with a link attached was sent with the following text “Hey, check this out, the New Flappy Bird.” But instead of a game, the malicious app installs itself over a currently installed app.
FireEye said the bug affects all Apple mobile devices running iOS 7 or later, regardless of whether or not the device is jailbroken. users are advised to avoid downloading any apps from sources other than the official App Store and to stop downloading apps from pop ups, emails, Web pages, or other foreign sources.
Last week, researchers from Palo Alto Networks discovered that a new malware dubbed as “Wirelurker” is targeting Mac and iOS devices. It collects call logs, phone book contacts and other sensitive information on Apple mobile devices.