Operation Pawn Storm spyware and what you need to know

Operation Pawn Storm appears to be the latest in a type of attack that uses jailbreaks or enterprise distribution certificates to get spyware onto iOS devices. That means that, in order to be infected, you first have to remove Apple's built-in protection by jailbreaking, or tap to agree to the installation of an app from outside the App Store. In other words, for most people, most of the time, it's something to be informed about but absolutely nothing to be stressed or scared by. Operation Pawn Storm was first reported by TrendLabs:

We found two malicious iOS applications in Operation Pawn Storm. One is called XAgent (detected as IOS_XAGENT.A) and the other one uses the name of a legitimate iOS game, MadCap (detected as IOS_XAGENT.B). After analysis, we concluded that both are applications related to SEDNIT.

Ars Technica explains:

Researchers believe that the targeted devices may have already been compromised before these malware agents were installed—perhaps by being connected to Windows PCs that had been targeted by the other components of Pawn Storm.

Operation Pawn Storm is reportedly targeted at European governments and journalists. If you think you're at higher risk, avoid the activities that put you at risk: don't jailbreak. If you do jailbreak, don't download from untrusted repositories. Don't download pirated apps, or any apps at all from outside the App Store or your own trusted enterprise resources. Don't tap untrusted download links that arrive by email or on the web. If iOS warns you that an untrusted app is attempting to install itself, deny it permission. If you want to check a device, Settings > General > Profiles lists any enterprise or configuration profiles that have been installed; an enterprise profile you don't recognize is the thing to remove.
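The enterprise-certificate path described above leaves a fingerprint in the app bundle itself: every app installed outside the App Store carries an embedded.mobileprovision file, and a few keys in it say whether the app was signed for in-house (enterprise) distribution, for a fixed list of device UDIDs, or for the App Store. The following triage helper is an added example written for this article; it is not code from iMore or from the Trend Micro report. It skips CMS signature verification on purpose and only reads the plist, and the sample profiles at the bottom are constructed, with made-up team names, identifiers and dates.

```python
"""Triage an iOS provisioning profile (embedded.mobileprovision) by distribution type.

Added example; not code from the article or from the Trend Micro report.
An embedded.mobileprovision is a CMS (PKCS#7) signed wrapper around an XML
property list. A few keys in that plist tell you how the app was allowed onto
the device:
  ProvisionsAllDevices = true         -> enterprise (in-house) distribution
  ProvisionedDevices (list of UDIDs)  -> ad-hoc, or development if
                                         Entitlements/get-task-allow is true
  neither key                         -> App Store distribution profile
An app that arrived via a link or a mail attachment and carries an enterprise
profile took the delivery path the article describes, so that is what to flag.
"""
import plistlib
from datetime import datetime, timezone
from typing import Optional


def extract_plist(blob: bytes) -> dict:
    """Locate the XML plist inside the CMS envelope and parse it.

    The CMS signature is deliberately not verified: this is a triage helper
    that only reads the plist. On macOS, `security cms -D -i <file>` decodes
    the envelope if you also want the signature checked.
    """
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>")
    if start == -1 or end == -1 or end < start:
        raise ValueError("no XML plist found inside the profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def classify_profile(profile: dict, now: Optional[datetime] = None) -> dict:
    """Return the distribution type plus findings a responder would act on."""
    # plistlib returns <date> values as naive UTC datetimes, so compare naively.
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    entitlements = profile.get("Entitlements", {})

    if profile.get("ProvisionsAllDevices"):
        kind = "enterprise"
    elif "ProvisionedDevices" in profile:
        kind = "development" if entitlements.get("get-task-allow") else "ad-hoc"
    else:
        kind = "app-store"

    findings = []
    if kind == "enterprise":
        findings.append("in-house profile: installs on any device, bypasses App Store review")
    if kind == "development":
        findings.append("development profile: get-task-allow permits a debugger to attach")
    expires = profile.get("ExpirationDate")
    if expires is not None and expires < now:
        findings.append("profile expired on %s" % expires.date())

    return {
        "type": kind,
        "name": profile.get("Name"),
        "team": profile.get("TeamName"),
        "team_id": (profile.get("TeamIdentifier") or [None])[0],
        "app_id": entitlements.get("application-identifier"),
        "device_count": len(profile.get("ProvisionedDevices", [])),
        "expires": expires,
        "findings": findings,
    }


def triage(blob: bytes, now: Optional[datetime] = None) -> dict:
    """Parse a raw embedded.mobileprovision and classify it."""
    return classify_profile(extract_plist(blob), now)


def _fake_signed(profile: dict) -> bytes:
    """Wrap a plist in bytes that stand in for the CMS envelope (constructed)."""
    der_prefix = b"\x30\x82\x0b\xad\x06\x09*\x86H\x86\xf7\r\x01\x07\x02"  # SEQUENCE + signedData OID
    return der_prefix + plistlib.dumps(profile) + b"\x00" * 8


# Constructed sample profiles; team names, identifiers and dates are made up.
_BASE = {
    "AppIDName": "Example App",
    "ApplicationIdentifierPrefix": ["ABCDE12345"],
    "CreationDate": datetime(2015, 1, 15),
    "ExpirationDate": datetime(2016, 1, 15),
    "TeamIdentifier": ["ABCDE12345"],
    "TeamName": "Example Corp",
    "Entitlements": {
        "application-identifier": "ABCDE12345.com.example.app",
        "get-task-allow": False,
    },
}
ENTERPRISE_BLOB = _fake_signed({**_BASE, "Name": "In-House", "ProvisionsAllDevices": True})
ADHOC_BLOB = _fake_signed({**_BASE, "Name": "Ad Hoc", "ProvisionedDevices": ["0" * 40, "1" * 40]})
DEV_BLOB = _fake_signed({**_BASE, "Name": "Dev", "ProvisionedDevices": ["0" * 40],
                         "Entitlements": {**_BASE["Entitlements"], "get-task-allow": True}})
APPSTORE_BLOB = _fake_signed({**_BASE, "Name": "App Store"})

if __name__ == "__main__":
    for label, blob in [("enterprise", ENTERPRISE_BLOB), ("ad-hoc", ADHOC_BLOB),
                        ("development", DEV_BLOB), ("app-store", APPSTORE_BLOB)]:
        print(label, triage(blob, now=datetime(2015, 2, 4)))
```

On a real sample, unzip the .ipa, pass the bytes of Payload/<App>.app/embedded.mobileprovision to triage(), and treat an "enterprise" result on an app that did not come from your own organization's distribution channel as the sideload path this article is about. The TeamName and TeamIdentifier fields then tell you which Apple Developer Enterprise account signed it.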

Security professionals continue to investigate, and we'll update as they discover more. Apple has built strong protection into iOS, and absent direct user intervention, whether intentional, like a jailbreak, or socially engineered, like a phishing link that installs an enterprise-signed app, the vast majority of iPhone and iPad customers don't seem to have anything to worry about right now.

Rene Ritchie
Contributor

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

21 Comments
  • "... in order to be infected, you have to first remove Apple's built-in security protection by jailbreaking ..." And therefore you're doing it to yourself.
    No sympathy from me.
  • ...or work for a company that has set up its own distribution mechanism
  • Same way you get infected on Android. Renee just won't tell you that. Posted via the Android iMore App!
  • Exactly. Sent from the iMore App
  • Don't get me started. It was just a few days ago a fellow on this forum insisted that malware were exclusively an Android epidemic.
  • Why would he? This is an Apple site. It's not like he even implied that Android is more susceptible to malware. At least not in this article. Sent from the iMore App
  • He implies it all the time.
  • Well, first I'd spell my name correctly. Second, I'd let you know that we have a site called Android Central which covers Android security and does a fantastic job. (Last week they had a series on anti-virus, I encourage you to read it.) Third, I'd wish you good day.
  • I read it...Didn't learn anything from it because I already knew it. I have an iPhone, also. That is why I'm here. Personally, I am unbiased between the two platforms, but because of people like you, I am leaning more and more towards Android and AndroidCentral because they don't skew the truth or imply untruths about Apple. You're the most biased "editor" I've ever read. You're the Brian Williams of Mobile Nations.
  • True... Sometimes it's hard to believe both sites are run by Mobile Nations. Posted via the iMore App for Android
  • Phil on Android Central is way nicer to Apple fans than Rene is to Android. Phil actually is a Mac fan but uses Android for mobile so I feel Phil is not closed minded to the other platforms like some MN editors are... Posted via the iMore App for Android
  • Everyone has bias. The belief and insistence that you do not comes across more as a lack of self awareness than a convincing argument that you are truly unbiased. Why not just read elsewhere if reading here is so disruptive to you? Sent from the iMore App
  • No, I'll just keep reading here... If that's okay with you, of course. Posted via the iMore App for Android
  • "This building is on fire and I am on fire because of it." "Hey dude, stop drop and roll, hop in that pond over there, you don't have to burn" "Nah. I'm okay *burns*" Posted from the amazing whatever device I can afford because I'm a broke college kid.
  • He kinda looks like Steve Jobs too (not sure if intentional) Posted via the iMore App for Android
  • +1 for truth Posted via the iMore App for Android
  • I'd rather have the option to obtain malware than not, but even then Apple security always has loopholes to bypass that. Jailbreaking is absolutely fantastic but I agree with not using untrusted sources and tweaks AND applications. Of course it's useful to try apps before buying, hint: Apple should have a try before buy window like a time limit or something, that's a nice touch like on Amazon or Windows*, but try them from reliable sources, but not too worried about that, if you are jailbroken you should have a somewhat understanding on what and what not to do in order not to duck your phone up. Posted via the iMore App for Android
  • This is also written for iOS7 meaning the exposure is extremely limited
  • For every "known" malware app, there are probably a hundred or more out there in the wild, that simply haven't been identified as of yet. Don't fool yourself. The good news is, right now, the only way you'll catch anything is if you bypass the security features on any of the platforms. (Android, Windows, or Apple)
  • As a question. Can you rewrite about actual security vulnerabilities iOS does have? I'm sure there are some, and while not common they are there. Tell people what to do in that case. Because I can assure you anyone that took the time to jailbreak is rather aware of the threats involved. Posted from the amazing whatever device I can afford because I'm a broke college kid.
  • I meant can you *write. Keyboard's been being weird lately. Posted from the amazing whatever device I can afford because I'm a broke college kid.