iOS Malware
What is iOS Malware?
Malicious software targeting Apple iPhones and iPads, including supply-chain attacks on app developers, mercenary spyware, and threats specific to jailbroken devices.
iOS is hardened by code signing, the App Sandbox, Pointer Authentication, BlastDoor, and Lockdown Mode, so most iOS malware needs unusual delivery paths. Documented examples include XcodeGhost (2015), a trojanized version of Apple's Xcode toolchain that injected data-exfiltration code into thousands of apps before they were uploaded to the App Store; KeyRaider (2015), which stole more than 225,000 Apple ID credentials from jailbroken devices; and Pegasus from NSO Group, repeatedly used in zero-click exploit chains against journalists and activists as documented by Citizen Lab and Amnesty International's Security Lab. Apple responds with rapid security updates, BlastDoor and Lockdown Mode mitigations, and threat notifications to potential targets.
● Examples
- 01 XcodeGhost-trojanized apps were uploaded to the App Store and exfiltrated device metadata to attacker servers.
- 02 Pegasus zero-click attacks against journalists were patched by Apple in iOS updates after Citizen Lab disclosure.
● Frequently asked questions
What is iOS Malware?
Malicious software targeting Apple iPhones and iPads, including supply-chain attacks on app developers, mercenary spyware, and threats specific to jailbroken devices. It belongs to the Mobile Security category of cybersecurity.
How do you defend against iOS Malware?
Defences for iOS Malware combine technical controls with operational practice: installing Apple's security updates promptly, enabling Lockdown Mode on devices likely to be targeted by mercenary spyware, not jailbreaking devices (which removes the code-signing and sandbox protections KeyRaider-style threats rely on being absent), acting on Apple threat notifications, and, for developers, building only with Xcode obtained directly from Apple so that XcodeGhost-style trojanized toolchains cannot inject code into shipped apps.
What are other names for iOS Malware?
Common alternative names include: iPhone malware, iOS trojan.
● Related terms
- № 047 Android Malware (mobile-security): Malicious software that targets the Android operating system, typically distributed through sideloaded APKs, dropper apps on Google Play, or compromised third-party stores.
- № 699 Mobile Malware (malware): Malicious software that targets smartphones and tablets to steal data, intercept communications, mine cryptocurrency, or perform financial fraud.
- № 810 Pegasus Spyware (NSO Group) (mobile-security): A commercial mobile spyware developed by the Israeli company NSO Group that infects iOS and Android phones, often through zero-click exploits, and exfiltrates messages, calls, location, and microphone data.
- № 849 Predator Spyware (Intellexa) (mobile-security): Commercial mobile spyware developed by Cytrox and marketed by the Intellexa consortium, used by government customers against journalists, opposition politicians, and civil society on iOS and Android.
- № 562 Jailbreak (iOS) (mobile-security): The process of bypassing Apple's code-signing and sandbox restrictions on an iPhone or iPad so the user can install software that Apple has not approved.
- № 1116 Supply Chain Attack (attacks): An attack that compromises a trusted third-party software, hardware, or service provider in order to reach its downstream customers.
● See also
- № 695 Mobile App Store Attack
- № 085 Baseband Attack