Security researchers have discovered that the intrusive Exodus spyware app originally designed for Android devices has found its way onto iOS devices.
This new malware is a little different to traditional iOS spyware (such as FlexiSpy) and works by exploiting Apple-issued enterprise certificates, allowing it to completely bypass the heavily moderated App Store and infect unsuspecting victims.
Whilst slightly less powerful than its Android counterpart, the iOS version of Exodus is still capable of silently accessing the victim’s contacts, photos, videos and GPS location data, and can even be remotely triggered to listen in on people’s conversations.
This particular malware was distributed through phishing sites that imitate Italian and Turkmenistani mobile carriers and was disguised as a carrier assistance app. Victims were tricked into installing the app in order to receive tech support from their carrier.
It’s unknown how many people fell victim to Exodus, but Apple has recently revoked the offending certificates (belonging to Connexxa S.R.L.), meaning that no new instances of this app can be installed and existing installations can no longer be run.
How to detect Exodus (or any malicious enterprise app) on your iPhone
Whilst Apple has blocked this attack from Connexxa S.R.L., the potential for other malware developers to exploit enterprise certificates in the same way still exists. It raises the question of how many other enterprise certificates are being used for malicious purposes but have not yet been brought to Apple’s attention.
If you are concerned about Exodus or other malicious enterprise apps, then you can follow the steps below to check your device:
Step 1 – Open the “Settings” app on your iPhone and tap “General”
Step 2 – Look for “Profiles & Device Management”. Depending on your iOS version this might be called just “Profiles” or “Device Management”. Tap to open and continue to step 3.
If you cannot see this option then you do not have any enterprise apps installed, meaning your device is currently safe from this attack.
Step 3 – Check the page to see if you have any enterprise apps installed on your device.
There are legitimate reasons for enterprise apps being installed on a device, for example if you work for an organisation that uses internal apps. If you find an enterprise app that you do not recognize, please send details to firstname.lastname@example.org for analysis.
Step 4 – If you wish to remove an enterprise app then tap the enterprise app name and tap “Delete App”
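The same check can be made on an app package before it reaches a device. As an added example (not from the original article and not Certo's tool), the Python code below reads the provisioning profile that ships inside an iOS app bundle (embedded.mobileprovision) and flags in-house enterprise profiles issued to a team you do not recognise. The sample profile, its team name and ID, and the trusted_teams allowlist are constructed assumptions.

```python
import plistlib

# Constructed sample: the XML plist payload of an embedded.mobileprovision,
# wrapped in placeholder bytes standing in for the CMS signature envelope.
SAMPLE_PROFILE = (
    b"\x30\x82\x00\x00CMS-HEADER-PLACEHOLDER"
    b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Name</key><string>Example In-House Profile</string>
  <key>TeamName</key><string>Example Unknown Vendor Ltd</string>
  <key>TeamIdentifier</key><array><string>ABCDE12345</string></array>
  <key>ProvisionsAllDevices</key><true/>
</dict></plist>"""
    b"CMS-TRAILER-PLACEHOLDER"
)

def extract_profile(blob: bytes) -> dict:
    """Pull the plist out of the signed profile (signature is NOT verified here)."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", max(start, 0))
    if start == -1 or end == -1:
        raise ValueError("no plist payload found in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def distribution_type(profile: dict) -> str:
    # In-house enterprise profiles set ProvisionsAllDevices to true.
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"
    # Development and ad-hoc profiles list specific device UDIDs instead.
    if "ProvisionedDevices" in profile:
        return "development-or-adhoc"
    return "app-store-distribution"

def triage(blob: bytes, trusted_teams: set) -> dict:
    """Flag enterprise-signed apps whose team is not on the caller's allowlist."""
    profile = extract_profile(blob)
    kind = distribution_type(profile)
    team_ids = profile.get("TeamIdentifier", [])
    known = any(team in trusted_teams for team in team_ids)
    return {
        "team_name": profile.get("TeamName"),
        "team_ids": team_ids,
        "distribution": kind,
        "needs_review": kind == "enterprise" and not known,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_PROFILE, trusted_teams=set()))
```

In practice the input is the embedded.mobileprovision file from the unzipped app bundle, and trusted_teams holds the team IDs your organisation actually uses for internal apps.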
Can I check my iPhone for other spyware?
Apple enterprise certificate malware is just one way that someone could spy on your iPhone. At Certo we specialize in iPhone spyware detection and are trusted by thousands of people to safeguard their devices.
Certo’s industry-leading spyware detection tool can check your device in a matter of minutes and will alert you if your device contains spyware, even if it’s completely hidden.