This hits home for anyone with an iPhone. This malware uses the Provisioning Profiles feature of iOS. The bug allows apps with the same bundle identifier to replace the official app. Attackers exploit this through various phishing attempts that solicit the person to install the “new” app. Once the new app is installed, it can use the old app’s cache and data after the replacement, allowing for the theft of information such as banking information and passwords. This attack can take over the whole phone’s processes, monitor texts and email, and send the information to the attacker. Apple does not have a fix yet. This has been nicknamed the Masque Attack.

Do not install apps from stores outside of the Apple App Store or the enterprise store that the user belongs to. Do not click an install pop-up from a web page. Do not click on links in emails or text messages. FireEye has the full story here
Here is FireEye’s video on how the hack is done. This is an example of how the hack could be done.
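For anyone who reviews app packages before they reach users, the bundle identifier collision described above can be checked for. This is an added example, not code from FireEye or Apple: it reads an IPA's `CFBundleIdentifier` and its embedded provisioning profile and flags a package that reuses an inventoried identifier under a different signer. The `KNOWN_APPS` inventory, the Team IDs, the sample IPA and the idea of comparing Team IDs are assumptions of the example.

```python
import io
import plistlib
import zipfile

# Assumed inventory (constructed values): bundle identifier -> publisher Team ID.
KNOWN_APPS = {"com.example.bank": "AAAAAAAAAA"}

def read_profile(blob):
    """Extract the XML plist from a CMS-wrapped embedded.mobileprovision."""
    start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
    if start < 0 or end < start:
        raise ValueError("no plist inside provisioning profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def inspect_ipa(ipa_bytes, known_apps=KNOWN_APPS):
    """Report whether an IPA reuses a known bundle ID under a different signer."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        names = ipa.namelist()
        info = next(n for n in names
                    if n.startswith("Payload/") and n.endswith(".app/Info.plist")
                    and n.count("/") == 2)
        bundle_id = plistlib.loads(ipa.read(info))["CFBundleIdentifier"]
        prof = info[:-len("Info.plist")] + "embedded.mobileprovision"
        profile = read_profile(ipa.read(prof)) if prof in names else {}
    team = (profile.get("TeamIdentifier") or [None])[0]
    expected = known_apps.get(bundle_id)
    return {
        "bundle_id": bundle_id,
        "team_id": team,
        # Enterprise (in-house) profiles carry ProvisionsAllDevices = true.
        "enterprise_profile": bool(profile.get("ProvisionsAllDevices")),
        # Same identifier as an inventoried app, but not the expected signer.
        "masquerades": bool(profile) and expected is not None and team != expected,
    }

def build_sample_ipa(bundle_id, team_id, enterprise):
    """Constructed test input: a minimal IPA-shaped zip held in memory."""
    profile = {"TeamIdentifier": [team_id], "ProvisionsAllDevices": enterprise}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist",
                   plistlib.dumps({"CFBundleIdentifier": bundle_id}))
        # Real profiles are CMS/DER envelopes; fake bytes stand in for that wrapper.
        z.writestr("Payload/Demo.app/embedded.mobileprovision",
                   b"\x30\x82\x00\x00" + plistlib.dumps(profile) + b"\x00sig")
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_ipa(build_sample_ipa("com.example.bank", "ZZZZZZZZZZ", True)))
```

The check parses the profile's plist without validating its signature, so it is a triage signal for a package review queue rather than proof of who signed the app.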