iOS and Android OS Targeted by Man-in-the-Middle Attacks


MUMBAI : Akamai Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimizing and securing online content and business applications, released, through the company's Prolexic Security & Research Team (PLXsert), a new cybersecurity threat advisory. The advisory alerts enterprises, governments and individuals to the Xsser mobile remote access Trojan (mRAT), which targets iOS and Android devices. The Xsser mRAT is spread through man-in-the-middle and phishing attacks and may involve cellphone tower eavesdropping for location-specific attacks. The advisory is available for download from www.stateoftheinternet.com/xsser.

"Sophisticated malicious actors are targeting unsuspecting mobile device users," said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. "Attackers are impersonating or bypassing Google and Apple app stores and using social engineering to trick users into downloading unverified apps that install malicious applications such as the Xsser remote access Trojan onto a user's mobile device. For example, attackers offered a counterfeit Flappy Birds app download to deliver the malicious software."

Jailbroken iOS devices at risk

Jailbreaking is the process of removing limitations and security checks in the iOS operating system in order to allow users to install applications from other application stores. In China, for example, 14 percent of the 60 million iOS devices are estimated to have been jailbroken, often to support the use of third-party Chinese character keyboard apps. Jailbroken phones are at greater risk for malware.