iPhone ‘Masque Attack’ installs fake apps to hack user data

iPhone users have been warned about a recently discovered Apple security flaw that enables hackers to install fake apps and steal personal data.

The US government’s Computer Emergency Readiness Team (US-CERT) has issued information regarding the hack, informing iPhone owners to be wary of clicking malicious links.

Read more: US gov’s top security contractor owned by hackers for months and didn’t notice

The vulnerability was initially discovered by security company FireEye and has been dubbed ‘Masque Attack.’ Once users click on a link claiming to offer an application or service, hackers install software that mimics an existing app, allowing them to steal information from the handset.

The attack also makes it possible to monitor a device’s background activity, such as web browsing. The FireEye team has released a video explaining how the attack works, which is shown above.

In spite of the warning issued by the US government, Apple insists that there have been no reported victims of the hack.

“We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software,” a company spokesperson told the Telegraph.

“We’re not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.”

Read more: WireLurker attacks Apple products, leaves iPhones and iPads open to attack

US-CERT has echoed the Cupertino-based company’s advice, telling users that if an app shows an “Untrusted App Developer” alert, they should click “Don’t Trust” and uninstall the software immediately.