The second stage consists of multiple binary packages in which most of the surveillance functionality is implemented. The malware is designed to keep running on the infected device even when the screen is switched off. Researchers believe this malware is distributed as so-called "lawful intercept" software, which is generally used by law enforcement and governments. Once installed, the powerful surveillance app is capable of accessing an iPhone user's photos, videos, audio recordings, device location, and Global Positioning System information. An attacker could also use the app to listen to audio recordings of the victims.
Exodus was found on several phishing sites created to look like legitimate information pages for mobile carriers based in Italy and Turkmenistan, according to research presented this week at the Kaspersky Security Analyst Summit conference.
According to Lookout, the iOS versions of the malware were available outside the App Store through phishing sites that imitated Italian and Turkmenistani mobile carriers.
The phishing sites tricked users into believing that they were legitimate portals from mobile carriers.
Apple's Enterprise Certificate Program falls into more trouble as a recent report suggests that a group of professional developers has used the platform to develop a spyware app capable of extracting data from a user's iPhone.
The Android and iOS versions of Exodus have now been blocked.
Researchers from Lookout contacted Apple about the malware, and the company has revoked the app's enterprise certificate. The enterprise certificate program also allowed apps to access all sorts of data within an iOS device; the only rule of the program was that the app should be used within the organization. After this revocation, the app can no longer be installed on an iOS device.
"In terms of capabilities on the iOS side, they're doing pretty much everything I'm aware of that you can do through documented Apple APIs, but they're abusing them to do surveillance-type activities," Adam Bauer, a senior staff security intelligence engineer at Lookout, told Wired. We are informed that the developer behind the Assistenza app is Connexxa, a spyware maker.