Masque Attack: Apple Inc. (AAPL) iPhone iPad Users Under Threat Of A New Sinister Bug

Must Read

WhatsApp Might Lose 60 Million Indian Users Post Updated Policy Changes, New Survey Reveals!

The Facebook-owned instant messaging platform’s decision to update their privacy and terms of service brought about a...

Uber and Ola In Hot Water: India Authorities Launch Fresh Probe!

The Directorate General of Goods and Services Tax Intelligence (DGGI) sent a summons to Uber and Ola...

Trump Administration Has Landed Its Final Blow On Chinese Companies: Xiaomi Blacklisted!

In its recent move to safeguard national security, the United States’ Trump Administration has decided to go...

The troubles don’t seem to end for Apple Inc. (NASDAQ:AAPL) iOS 8. The OS version had a flurry of bugs, which forced Apple to come out with an updated iOS 8.0.1. within a week of its release. After the first week of the launch iOS 8 managed to achieve the adoption rate of only 36% as compared to 58% adoption rate for iOS 7 in the same duration since its launch. Despite a slow start, the smashing sales of recently launched iPhone 6 and iPhone 6 Plus have boosted the iOS 8 adoption rate to 52%. But concerns still lurks as the secure ecosystem of Apple is being repeatedly attacked by malwares. Recent news of WireLurker condemning the iOS and Mac devices in the Chinese region raised a lot of questions over the security. Now a similar breach being reported in iOS devices by the FireEye mobile security researchers, which is posing a serious threat for the Apple AppStore users.

What is Masque Attack?

The malware has been named “Masque Attack” as it is replacing the legit and verified apps with a duplicate app. The app, infected with the malware, downloaded from enterprise or ad-hoc provisioning is capable of replacing the original app which has the same bundle identifiers (a unique string used by the system for identifying an app. It lets the OS identify the updates to the app) with the duplicate one. The app generally has a fancy name intended to lure users into downloading it. But the malware seems to be ineffective for iOS pre-installed apps like Mobile Safari, iTunes, iWork etc. The vulnerability identified for iOS 7 and iOS 8 versions exists because Apple has no provision for matching certificates for apps having same bundle identifiers. Similar to the Wire Lurker, Masque Attack can affect devices both jailbroken and otherwise and a device can be infected through a USB or wireless networks.

The level of threat posed by Masque Attack is quite higher than the Wire Lurker, because Masque can be used to steal sensitive information like banking credentials or important emails, by replacing banking or email apps on a device. On installation, the malware can even access the local data of the original app like cached emails log in tokens. These can be used to directly log into the user’s account.


The malware can be used in various ways to incriminate naïve users. The malware can utilize a copied UI of the original app. This can be used to steal user’s identity or valuable credentials used for internet banking. Attackers can access this information sitting at a remote server. Masque Attacks can be used to outflank the app sandbox which is used as a barrier against malicious software.

The MDM or Mobile device Manager in Apple devices fails to identify the imposter as currently there is no such API to obtain the certification for each app. Also, the apps provisioned under the enterprise profiles do not come under the purview of Apple’s review process, mentions the reports. FireEye also conducted an experiment to demonstrate the working of the malware, with an app having a bundle identifier similar to the Gmail app on the phone. In the course of the experiment, Masque Attack replaced the original Gmail app on the device.

Where does Masque Attack hits Apple the most:

When Google Android apps were reportedly hit by malware, much hue and cry was raised by Apple stating free apps were the main reason of the attacks and that Android was gullible to such threats. But in the light of recent incidents the once invincible fort of security which guarded the Apple devices seems to have become impregnable. Apps constitute a major chunk of revenue for Apple and it could be a fatal blow to their economy if the malwares are not checked from flooding the apps. The malware is reportedly affecting the iOS version 8.1.1. which is slated for public release in the near future.

FireEye researchers suggest improving the existing standard of protection to provide powerful interfaces which can prevent attacks from Masque Attack on enterprise users. Some reports claim that such attacks are being reported only by those iPhone and iPad users, who have disabled iOS security intentionally or unintentionally. These malware attacks might just serve as the building blocks of further advanced attacks and Apple should address it as swiftly as possible.


Please enter your comment!
Please enter your name here

Latest News

Snapchat Spotlight: A New Way for Creators to Earn Money

Short-form video applications have increased overwhelmingly in popularity in recent times. The surge in this format of...

COVID-19 Unemployment Leading To Ageing Indian Workforce, CMIE Reports

The latest data shared by the CMIE aka Centre for Monitoring Indian Economy has highlighted a huge red flag.

The Slip-Ups Keep On Coming: WhatsApp Web Users’ Mobile Data Leaked On Google

As the developments have unfolded over the past week, the clock for WhatsApp seems to be ticking with every passing minute and...

Trump Administration Has Landed Its Final Blow On Chinese Companies: Xiaomi Blacklisted!

In its recent move to safeguard national security, the United States’ Trump Administration has decided to go after China’s second-biggest smartphone marker...

Huawei Is Gunning For Acquiring A Fifth Of Android’s Userbase With Its Own HarmonyOS!

After Google’s ban on Huawei in 2019, the Chinese-origin tech company is all set to roll out HarmonyOS later in 2021 as...

Battle Lines Are Drawn: Qualcomm’s Latest Acquisition to Challenge Apple, Intel

The quest to gain supremacy creates a butterfly effect for sure. With the challengers and the champion pulling out all stops to...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This