A newly-outed trojan is exploiting iOS and Android devices, ripping iCloud credentials by abusing the trusted link between phones and PCs, says Palo Alto security researcher Claud Xiao.
The attack appears to have failed in most circumstances, thanks to iOS’ sandboxing security controls, hardened modern Android operating systems, and the overt nature of the attack. It will flunk in all current attacks given the expiration of a certificate.
Xiao (@claud_xiao) says the DualToy malware targets Windows machines that have been authorised to work with iPhones and abuses the Android Debug Bridge facility commonly installed by users who run custom Android ROMs.
Once installed, it will phish iOS devices for their Apple usernames and passwords, shipping those stolen logins to a remote server along with IMEI, IMSI, ICCID, and serial and phone numbers.
Android devices are more readily owned. DualToy will download advertising apps, and attempt to gain root privileges from where it can install more applications.
Copyright: theregister.co.uk