A new proof-of-concept (PoC) iOS Trojan shows how malware can avoid being removed from a device’s memory. The malware fakes an iPhone shutdown in order to avoid termination.
Trojan Malware for iOS Avoids Termination
According to a story by TechRadar, cybersecurity researchers from ZecOps have demonstrated how a new Trojan for iOS devices, including iPhones, can avoid being terminated. The malware does this by faking a shutdown.
Most of the time, iOS malware can be eliminated by rebooting the device, because a reboot clears the memory.
Potentially Harmful Malware Strain
This malware strain, however, could trick victims into thinking that their device was shut down when it in fact remained operational. The proof-of-concept malware, which is called “NoReboot”, follows a series of steps.
Here’s How the First Phase of the Malware Functions:
- iOS users will need to hold the power button as well as either volume button until the slider showing the reboot option appears.
- Users will then have to interact with the slider in order to initiate the shutdown.
This shutdown action is the first thing that the malware hijacks. Instead of triggering the actual shutdown, the malware sends specially crafted code that makes the device non-responsive to user input.
The malware then triggers a shutdown process indicator showing the spinning wheel and starts monitoring for the user’s physical button presses and screen touches. This lets the malware know when the victim tries to “turn on” the device, and at that point it keeps the victim from pressing the power button for too long, which would trigger a hard reset.
Researchers Explain Users Will Still See Apple Logo
The researchers explained that the malware would exit all the processes and restart the system without touching the kernel. In addition, the kernel remains patched.
The malicious code therefore has no trouble continuing to run despite a reboot. The researchers added that users will still see the Apple logo effect upon restarting.
Apple Might Not Patch Up the Issue
As a result, it will be impossible for users to physically detect whether the device has been turned off or not. BleepingComputer notes that it believes Apple won’t bother patching the issue, describing it as a trick rather than actual malware that exploits the device’s flaws.
It remains unclear how the Trojan handles other potential red flags, including the SIM PIN prompt after every restart, or what happens should a user decide to shut the device down by going directly to Settings>General>Shut Down.