Masque Attack: Apple Inc. (AAPL) iPhone iPad Users Under Threat Of A New Sinister Bug

Must Read

Apple iPhone 12: Not For India And You Must Not Fall Prey To Apple’s Marketing Machine

The cat is out from the bag, finally! Apple iPhone 12 has launched in the most sophisticated...

Micromax is Back, Sets Eyes On Xiaomi’s Crown

A fallen pioneer, banished from its own motherland by collective foreign forces, has finally roused itself up!

Musk Slashes Tesla Car Price Twice in One Week, Served With A Side of His Wacko Humour

Time is witness that Elon Musk and eccentricities come along as a combo package.

The troubles don’t seem to end for Apple Inc. (NASDAQ:AAPL) iOS 8. The OS version had a flurry of bugs, which forced Apple to come out with an updated iOS 8.0.1. within a week of its release. After the first week of the launch iOS 8 managed to achieve the adoption rate of only 36% as compared to 58% adoption rate for iOS 7 in the same duration since its launch. Despite a slow start, the smashing sales of recently launched iPhone 6 and iPhone 6 Plus have boosted the iOS 8 adoption rate to 52%. But concerns still lurks as the secure ecosystem of Apple is being repeatedly attacked by malwares. Recent news of WireLurker condemning the iOS and Mac devices in the Chinese region raised a lot of questions over the security. Now a similar breach being reported in iOS devices by the FireEye mobile security researchers, which is posing a serious threat for the Apple AppStore users.

What is Masque Attack?

The malware has been named “Masque Attack” as it is replacing the legit and verified apps with a duplicate app. The app, infected with the malware, downloaded from enterprise or ad-hoc provisioning is capable of replacing the original app which has the same bundle identifiers (a unique string used by the system for identifying an app. It lets the OS identify the updates to the app) with the duplicate one. The app generally has a fancy name intended to lure users into downloading it. But the malware seems to be ineffective for iOS pre-installed apps like Mobile Safari, iTunes, iWork etc. The vulnerability identified for iOS 7 and iOS 8 versions exists because Apple has no provision for matching certificates for apps having same bundle identifiers. Similar to the Wire Lurker, Masque Attack can affect devices both jailbroken and otherwise and a device can be infected through a USB or wireless networks.

The level of threat posed by Masque Attack is quite higher than the Wire Lurker, because Masque can be used to steal sensitive information like banking credentials or important emails, by replacing banking or email apps on a device. On installation, the malware can even access the local data of the original app like cached emails log in tokens. These can be used to directly log into the user’s account.


The malware can be used in various ways to incriminate naïve users. The malware can utilize a copied UI of the original app. This can be used to steal user’s identity or valuable credentials used for internet banking. Attackers can access this information sitting at a remote server. Masque Attacks can be used to outflank the app sandbox which is used as a barrier against malicious software.

The MDM or Mobile device Manager in Apple devices fails to identify the imposter as currently there is no such API to obtain the certification for each app. Also, the apps provisioned under the enterprise profiles do not come under the purview of Apple’s review process, mentions the reports. FireEye also conducted an experiment to demonstrate the working of the malware, with an app having a bundle identifier similar to the Gmail app on the phone. In the course of the experiment, Masque Attack replaced the original Gmail app on the device.

Where does Masque Attack hits Apple the most:

When Google Android apps were reportedly hit by malware, much hue and cry was raised by Apple stating free apps were the main reason of the attacks and that Android was gullible to such threats. But in the light of recent incidents the once invincible fort of security which guarded the Apple devices seems to have become impregnable. Apps constitute a major chunk of revenue for Apple and it could be a fatal blow to their economy if the malwares are not checked from flooding the apps. The malware is reportedly affecting the iOS version 8.1.1. which is slated for public release in the near future.

FireEye researchers suggest improving the existing standard of protection to provide powerful interfaces which can prevent attacks from Masque Attack on enterprise users. Some reports claim that such attacks are being reported only by those iPhone and iPad users, who have disabled iOS security intentionally or unintentionally. These malware attacks might just serve as the building blocks of further advanced attacks and Apple should address it as swiftly as possible.


Please enter your comment!
Please enter your name here

Latest News

Free Netflix in India: A Result of Slow Growth In Q3 2020?

Netflix is testing a new strategy that could lead to free Netflix in India. The online streaming...

Tesla First Cancels Return Policy And Now Cuts Warranty Period

Just last week Elon Musk surprised everyone by cutting the price of Tesla Model S twice in a week. If that's not...

Personalization Is The Secret Sauce Behind A Successful E-Commerce Business

E-commerce personalization offers an exclusive experience to consumers by showing them product recommendations, content catered to their interests, and offers based on...

Reliance Jio Set To Blitz The 5G Smartphone Market With Jaw-Dropping Price

Cometh the revolution, cometh Reliance. This time the price of 5G smartphones under the radar of Reliance. The trailblazer’s...

Micromax is Back, Sets Eyes On Xiaomi’s Crown

A fallen pioneer, banished from its own motherland by collective foreign forces, has finally roused itself up! Micromax has...

The Future of The Workplace And Retraining in 2020 And Beyond

The pandemic has upturned businesses, lives, and even the outlook of our future. It has caused millions to lose their jobs, and...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This