Apple App Store infiltrated by spyware posing as support app

Apple App Store found to contain spyware

One of the key differences between the Google Play and Apple App Stores is their admission guidelines. Generally, the Android application review process only takes a few hours. Conversely, the iOS store has much more stringent standards and new apps can be evaluated for up to two days.

As such, it’s surprising that a new spyware app has managed to infiltrate both platforms.

Recently, mobile data security firm Lookout discovered a pernicious piece of Android malware had migrated to Apple’s ecosystem. The Exodus spyware can copy a smartphone owner’s user data, track movements, and discreetly record conversations. Moreover, the software performs those functions while disguised as a mobile carrier support tool.

Intriguingly, the developers of the spyware program didn’t submit it to the iOS store. Instead, they released it via the Apple Developer Enterprise Program. The platform gives large organizations the ability to create their own branded apps. Accordingly, it has a much more lenient screening process than the consumer app marketplace. In February, reports emerged that cybercriminals were distributing bootleg versions of popular apps via the Enterprise Program.

Lookout also uncovered the malicious software’s unusual origin: an Italian cybersecurity firm may have created it.

Corporate Spyware Gone Bad

Notably, Exodus is an unusually elegant piece of spyware. Once downloaded, the program doesn’t initially behave in a way that would be flagged by an antivirus app. However, the software obtains user permission to download a zip file that performs more harmful tasks. In addition to accessing a consumer’s personal data, the malware opens a channel allowing third parties to dictate the device’s operations.

While performing a thorough analysis, cybersecurity experts determined Exodus was designed by an Italian company called eSurv. Specifically, researchers found the program was communicating with the security firm’s servers. Although the company’s main product is video surveillance software, it also develops spyware for local law enforcement agencies.

However, the company’s alleged development of Exodus was not legal. Italian law forbids civilian groups or individuals from using spyware. Consequently, local authorities launched an investigation into eSurv and seized its digital assets earlier this month.

As of this writing, Italian police are still investigating the connection between eSurv and Exodus. However, when Motherboard asked the firm directly if they made the program, one of its developers responded, “confidential information. I don’t think I can say anything about this ;).”

Exodus is no longer available on the Google and Apple App Stores.

Big Tech has Mobile Security Problem

On its own, the existence of an application like Exodus is incredibly chilling. But the fact that the world’s largest application platforms aren’t equipped to deal with its existence is even more upsetting.

Last year, The Burn-In reported that the Google Play Store discovered that 13 apps available on its platform were malware only after they’d been downloaded more than 500,000 times. More recently, a cybersecurity company found that two-thirds of the store’s antivirus apps were fake. Clearly, the Android app marketplace needs a security overhaul.

Similarly, Apple’s enterprise app program desperately needs a more robust screening process. Notably, Facebook and Google created apps using the platform that Apple temporarily shut down for terms of service violations.

Sadly, these institutional vulnerabilities mean individual users are effectively on their own when it comes to mobile device security.