A number of pirated iOS applications have been spotted over the past couple of weeks on some Chinese app markets. According to experts, while such apps can’t cause much damage, the method that’s used to install them can be exploited in targeted attacks against organizations.
The pirated apps can be installed on phones that haven’t been jailbroken because they’re deployed via a method that allows enterprises to utilize their own custom apps.
Since the iOS sandbox hasn’t been compromised, the pirated applications have limited capabilities. Furthermore, since only a small number of users have installed the apps, they don’t represent a serious security threat.
However, Trend Micro Product Manager Warren Tsai warns that this does represent “an interesting avenue” for targeted attacks against enterprises.
“It wouldn’t take much effort to refine this into something that could more seamlessly get users to install apps on their own iOS devices via a link they receive on their desktop or laptop and connecting their phone via USB,” Tsai explained.