Operation Pawn Storm spyware and what you need to know

Operation Pawn Storm appears to be the latest in a type of attack that uses jailbreak or enterprise distribution certificates to transfer spyware onto iOS devices. That means, in order to be infected, you have to first remove Apple's built-in security protection by jailbreaking, or tapping to agree to the installation of an app from outside the App Store. In other words, for most people, most of the time, it's something to be informed about but absolutely nothing to be stressed or scared by. Operation Pawn Storm was first reported by TrendLabs:

We found two malicious iOS applications in Operation Pawn Storm. One is called XAgent (detected as IOS_XAGENT.A) and the other one uses the name of a legitimate iOS game, MadCap (detected as IOS_ XAGENT.B). After analysis, we concluded that both are applications related to SEDNIT.

Ars Technica explains:

Researchers believe that the targeted devices may have already been compromised before these malware agents were installed—perhaps by being connected to Windows PCs that had been targeted by the other components of Pawn Storm.

Operation Pawn Storm is reportedly targeted at European governments and journalists, if you think you're at higher risk, make sure you don't engage in activities that are risky: Avoid jailbreaking. If you jailbreak, don't download from untrusted repositories. Don't download pirated apps, or any apps at all from outside the App Store or your own, trusted, enterprise resources. Don't click on untrusted download links that come in via email or the web. If iOS warns you an untrusted app is attempting to transfer or install itself, deny it permission to do so.

Security professionals continue to investigate it and we'll update when and as they discover more. Apple has built excellent protection into iOS, however. So, absent direct user-intervention, either intentional like jailbreak or socially engineered through phishing, the vast majority of iPhone and iPad customers don't seem to have anything to worry about right now.

Rene Ritchie
Contributor

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.