Thursday February 22, 2024

iPhone Security Alert: Krampus-3PC malware targets iPhone users

An iPhone-specific malware campaign, Krampus-3PC, has been spotted being actively exploited in the wild, according to a report.

By Web Desk
December 14, 2019

The iPhone is widely regarded as a better-protected smartphone from a security perspective, and many professionals and security researchers make it their first choice. But that doesn't mean its users are immune from malware attacks.

As per reports, the iPhone-specific malware Krampus-3PC seeks out victims' device and session cookie information, and in some cases redirects users to a malicious pop-up designed to phish sensitive data from them.

It is learnt that an iPhone-specific malware campaign has been spotted being actively exploited in the wild. Other recent iPhone issues include bugs that could allow an attacker to lock you out of your iPhone and vulnerabilities that could effectively brick the iPhone with a malicious iMessage.

Krampus-3PC malware

The Media Trust’s Digital Security & Operations (DSO) team was reported to have detected Krampus-3PC redirecting iPhone users who visited certain online publishing websites.

According to researchers, the Krampus-3PC campaign targets iPhone users alone. The malware employed a whole raft of techniques to deliver the payload and avoid being picked up by conventional scanning and blocking technology.

Devices that did not pass any of the checks were not redirected. But if a device met all of the attackers’ parameters, Krampus-3PC would execute a payload URL and send the gathered user data to a command-and-control server, the report added.

According to the Media Trust DSO, malvertising, also known as a badvert attack, was employed to distribute the Krampus-3PC malware. Many popular publishing websites, including online newspapers, are said to have inadvertently served the malicious adverts from a legitimate advertising technology vendor.

The Media Trust report revealed that Krampus-3PC’s use of obfuscation techniques is markedly similar to that of another browser-hijacking malware called Ghostcat-3PC, which it had reported on earlier this year.