The surveillance tool was signed with legitimate Apple developer certificates.
The spyware that was recently found lurking in 25 different malicious apps on Google Play has been ported to the Apple iOS ecosystem.
The surveillance package – dubbed Exodus – can exfiltrate contacts, take audio recordings and photos, track location data and more on mobile devices. Earlier this month, word came that Google had booted a raft of Exodus-laden apps.
According to Lookout Security, it turns out that iOS versions had become available outside the App Store, through phishing sites that imitate Italian and Turkmenistani mobile carriers. These are notable in that they abused the Apple Developer Enterprise program.