
HYDERABAD: Commercial threat intelligence group, Cisco Talos, comprising malware researchers and analysts, has revealed that in a 'highly targeted campaign,' 13 iPhones in India were attacked using a malicious application, leading to data being intercepted and information stolen. It is suspected that the 13 devices could belong to VVIPs, who are yet to be identified.

Cisco experts suspect that the attacker is likely to be located in India but tried to pose as a Russian, as he used Russian names and email domains from Russia. Two personal devices used by the attacker share the same phone number that is registered on the Vodafone network in India.

Experts on the Talos intelligence blog revealed that the attacker deployed an open source mobile device management (MDM) system to get access to the 13 devices that were enrolled.

Experts Warren Mercer, technical leader at Talos security, Andrew Williams, malware researcher at Cisco, and malware analyst Paul Rascagneres said, "The attacker used certain techniques to add features to legitimate apps, including messaging apps such as WhatsApp and Telegram that was then deployed by the MDM onto the 13 targeted devices in India. The malicious code collects and extracts information like the phone number, serial number, location, contacts, user's photos, SMSes and Telegram and WhatsApp chat messages from the iPhone device. Information extracted from device can be used to manipulate a victim or even use it for blackmail or bribery (sic)."

NixCraft, an online community of Linux / Unix System administrators, quoting Talos research, tweeted, "That is some crazy amount of planning and time spent for just 13 users. Must be VVIP folks. Mysterious malware campaign targets just 13 iPhones in India. The operation went undetected for three years."

French security researcher Elliot Alderson too flagged the research finding on his Twitter account.

Kiran Jonnalagadda, a security researcher, said, “The attack shows that iOS devices have a vulnerable vector that most users aren't even aware of.”

Telangana CID superintendent of police U Rammohan told TOI, “iPhone vulnerability is rare. Apple phone vulnerability is not majorly reported anywhere. Vulnerability could be due to user’s mistake where the attacker may have used social engineering to penetrate into the phone.”