Your Apple devices are not as secure as you think. Learn how to raise their protection

Cyber criminals can use much simpler methods to bypass Apple security than malware.

Despite several notable cyber incidents, some iPhone and macOS users may still hold on to the myth that their devices are secure simply because of the way these operating systems are built. The simple answer to these claims is “they are not”; but let’s dive deeper.

Applications (Apps) on iPhone or iPad devices run in their own separate virtual spaces and can communicate with each other to a very limited extent. This also means that malicious applications can neither obtain information from other legitimate applications, nor can they usually spread like they would in the Android OS. This means devices running on iOS are less attractive for a majority of cyber criminals. On the other hand, it also means that an external antivirus app for iOS would only be able to scan itself, and thus, not work properly.

Much like iOS, macOS is also often considered to be more secure in comparison with other operating systems. Built-in protection measures mean lower potential for the creation of security loopholes because Apple created the iOS and macOS ecosystems and has full control over both the OS and app environments. As such, Apple has been seen as being less attractive for cybercriminals because of their lower share of the market.

Armed with that information, you may get a false sense of security from the way macOS and iOS are designed, but that is not the end of the story. When attacking devices, attackers have far more options than malware alone. There are other ways to steal sensitive data, which is why the built-in protections of your iOS or macOS devices are not enough, and why they can benefit from additional layers of security.

Responding to Apple customers’ needs, ESET brings forward new solutions on a consistent basis. This year’s offering is a huge step forward. As a digital life protection vendor, ESET introduces two brand-new functionalities for iOS, a Virtual Private Network (VPN) and Identity Protection (IP), alongside the already available Password Manager. All these functionalities can be easily managed in the updated ESET HOME, the complete security management platform.

macOS users can get these new features, together with Modern Endpoint Security, in the new subscription-based premium tier product for customers, ESET HOME Security Ultimate.

What security threats are targeting iPhones and Macs?

Spreading malware across iPhone apps may be a tough nut to crack, but cyber-criminals can use much simpler methods to bypass Apple security.

For example, they may opt for social engineering techniques such as phishing websites or messages that try to impersonate legitimate companies or institutions to lure sensitive data from potential victims. In fact, Apple was the third-most-impersonated brand in phishing scams in Q2 2023.

Another scam is a false tech support call, wherein a user receives a call impersonating Apple’s support service and requiring personal details in order to deal with an impending problem. To make the call more believable, an attacker will use a spoofed ID, so the caller’s number looks like it is originating from a legitimate Apple support center.

Results of successful phishing attacks depend on how much data can be stolen from the victim in question. The extent of the damage varies from a hijacked e-mail account used for spreading spam to more serious incidents, such as identity theft or money withdrawn from an account.

Your iPhone can be also targeted while using unprotected public Wi-Fi. Connecting to an airport’s Wi-Fi during your travels may be convenient, but also may result in a loss of your sensitive data such as credit card details or passwords. Most public Wi-Fi networks don’t encrypt communications between your device and the router, making your data susceptible to interception.

Lastly, there’s old-school pickpocketing. In February 2023, The Wall Street Journal reported on iPhone thieves across the US who were locking people out of their Apple accounts and draining their bank accounts. First, the thieves watched their victims closely to learn their passcodes, then (physically) stole the devices. Armed with the passcodes, they invaded their victims’ personal and financial lives, while also effectively preventing the iPhones’ owners from locating their phones.

Macs face similar problems when connected to public Wi-Fi, as their users can face phishing threats via emails, private messages, and phony websites, among other threat vectors. Lastly, there are numerous pieces of malware specifically targeting macOS, such as CloudMensis, which was recently discovered by ESET researchers.

How can ESET VPN help?

In general, using public Wi-Fi is not recommended because it is often unsecure. But if you still want to stay connected while in a hotel room or at the airport, connect with a VPN, which establishes a private network connection, making internet users anonymous. After connecting to the ESET VPN application, a user’s device receives a new dynamic IP address, and online traffic is secured and encrypted.

This way, ESET VPN prevents cyber criminals from stealing user data while using public Wi-Fi, and makes it more difficult for third parties to track a user’s activity online, while ESET does not keep logs.

Moreover, using a VPN service can also bring other advantages. For example, users can enjoy access to their favorite streaming services from different parts of the world without geo-blocking.

Introducing Identity Protection* service

Since Apple customers can also fall victim to identity theft, ESET introduces its new Identity Protection* (IP) service for iOS and macOS. It monitors the dark web, searching for leaked sensitive information previously entered by a user such as name, phone number, and account credentials.

If a user is the victim of a data breach, they will be notified if the data they previously entered is found somewhere else online.

For US customers, the IP feature also includes Credit Report Monitoring, Smart SSN (Social Security number) Tracker, Social Media Identity Monitoring, Identity Theft Insurance up to $1 million, and an on-call identity restoration service. Users will also be notified about leaked credit/debit cards and changes made to credit reports so that they can act against potential misuse of their personal information.

Why having a password manager and 2FA might be useful

Apple has its own password manager iCloud Keychain that stores and protects your passwords, but there are some known vulnerabilities. For example, iPhone thieves described by the Wall Street Journal can also bypass Keychain using stolen passcodes. Having a separate password manager from a different vendor gives you an extra layer of protection in such situations.

ESET Password Manager not only protects and stores your passwords and personal data, but the built-in password generator also prompts you to create strong, unpredictable passwords that you don’t have to remember.

Login credentials are stored automatically as new accounts are created. ESET Password Manager also includes a form completion feature that saves you time by completing web forms automatically and accurately.

To improve account protection even further, experts suggest setting up two-factor authentication (2FA). This adds an authentication layer that still protects the account if your password has been breached or stolen.

Easily manage your security on the ESET HOME platform

Operating a VPN, Identity Protection*, Password Manager, and 2FA might all sound too complex and time-consuming for a regular iPhone user. But in fact, you can easily manage all these features and more from one, easy-to-use platform, ESET HOME.

This complete security management platform and its companion mobile app for Android and iOS offer users a convenient and informative management dashboard with information about their ESET products, devices, licenses, and services, while also making it all accessible anywhere they go, whenever they need it.

ESET HOME also serves as a notification hub that presents connected devices as an ecosystem, where users can always easily check the security status of their connected devices.

Cyber incidents like leaked private photos of celebrities, iPhone passcode scams, and numerous pieces of malware targeting Macs are proof that even iOS and macOS are not impenetrable, and that there is a need for extra layers of protection. Therefore, having features such as VPN and Identity Protection* can be quite handy, especially if they are easy to manage.

*Currently available in US market only, with global roll out planned in H1/2024

About Version 2
Version 2 is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET  
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ESET Research: Android malware Kamran spying via news app on residents of the disputed Kashmir region

  • ESET Research has discovered Android spyware, which ESET researchers named Kamran, that has been distributed via a possible watering-hole attack on the Hunza News website.
  • The malware targets residents using Urdu language in Gilgit-Baltistan, part of the disputed Kashmir region that is administered by Pakistan.
  • The malicious app prompts the user to grant it permissions to access various information. If accepted, it gathers data about contacts, calendar events, call logs, location information, device files, SMS messages, and images.

BRATISLAVA, KOŠICE — November 09, 2023 — ESET researchers have identified what appears to be a watering-hole attack on a regional news website that delivers news about Gilgit-Baltistan, a region administered by Pakistan. Gilgit-Baltistan consists of the northern region of the greater Kashmir territory, embroiled in longstanding disputes involving India and Pakistan (since 1947) as well as between India and China (since 1959). Watering-hole attacks are a type of threat where a commonly visited website is compromised to serve malware. When opened on a mobile device, the Urdu version of the Hunza News website offers readers the possibility to download the Hunza News Android app directly from the website; however, the app has malicious espionage capabilities. Urdu is the official and main language of communication used for inter-ethnic communication within this disputed region. ESET has named this previously unknown spyware Kamran.

The word Kamran was used by ESET to name this spyware due to its package name “com.kamran.hunzanews.” Kamran is a common given name in Pakistan and other Urdu-speaking regions; in Farsi, which is spoken by some minorities in Gilgit-Baltistan, it means fortunate or lucky.

The Hunza News website has both English and Urdu versions; English is the second official language spoken in the region. The English mobile version doesn’t offer any app for download; only the Urdu mobile version offers the Android spyware in question. While the English and Urdu desktop versions also offer the Android spyware, it is not compatible with desktop operating systems. ESET Research reached out to Hunza News regarding Kamran; however, the website provided no response prior to the publication of this research.

The Kamran spyware displays the content of the Hunza News website but also contains custom malicious code. Upon launching, the malicious app prompts the user to grant it permissions to access various information. If accepted, it gathers data about contacts, calendar events, call logs, location information, device files, SMS messages, images, etc. If the requested permissions to the app are granted, Kamran automatically gathers this sensitive user data and uploads it to a hardcoded command and control (C&C) server. The C&C server was reported to Google, as the platform misused by the spyware is provided by them. However, the malware lacks remote control capabilities.

This malicious app has never been offered through the Google Play Store but is instead downloaded from a source that Google refers to as Unknown; to install it, the user is requested to enable the option to install apps from unknown sources. ESET was able to identify at least 22 compromised smartphones, five of them located in Pakistan.

The malicious app appeared on the website sometime between January 7, 2023, and March 21, 2023; the developer certificate of the malicious app was issued on January 10, 2023. During that time, protests were being held in Gilgit-Baltistan for various reasons encompassing land rights, taxation concerns, prolonged power outages, and a decline in subsidized wheat provisions.

“With a high degree of confidence, we can affirm that the malicious app specifically targeted Urdu-speaking users, who accessed the website via Android devices. However, since Kamran demonstrates a unique codebase, distinct from other Android spyware, this prevents its attribution to any known advanced persistent threat – APT – group,” says ESET researcher Lukáš Štefanko, who discovered the Kamran spyware. “This spyware shows once again that it is important to reiterate the importance of downloading apps exclusively from trusted and official sources,” he adds.

Hunza News, likely named after the Hunza District or the Hunza Valley, is an online newspaper delivering news related to the Gilgit-Baltistan region. Internet archive data shows that the site has been delivering news since 2013. In 2015, Hunza News started to provide a legitimate Android application that was available on the Google Play Store. Based on available data, ESET Research believes two versions of this app were released on Google Play, with neither containing any malicious functionality.

For more technical information about Kamran spyware, check out the blogpost “Unlucky Kamran: Android malware spying on Urdu-speaking residents of Gilgit-Baltistan.” Make sure to follow ESET Research on Twitter (today known as X) for the latest news from ESET Research.

About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities. For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.

ESET recognized as a “Strong Performer” in prestigious Endpoint Security report

  • ESET has been cited as a “Strong Performer” in the renowned “Endpoint Security, Q4 2023” report.
  • ESET’s business endpoint solutions excel in endpoint malware and exploit prevention, offering robust mobile device security, device management, and vulnerability and patch management for all supported endpoints. 

BRATISLAVA — November 08, 2023 — ESET, a global cybersecurity leader, has been acknowledged as a “Strong Performer,” according to The Forrester Wave™: Endpoint Security, Q4 2023 report. Forrester, a respected analyst firm, meticulously researched and analyzed 13 top endpoint security vendors in its 25-criterion evaluation to guide security and risk professionals in selecting the right solution for their needs.

The report underscores the critical role of endpoint security solutions, acting as the first and last line of defense for business users, safeguarding their devices from malware, detecting and responding to malicious actions, and resolving incidents swiftly and efficiently. The report states that “ESET’s differentiator is that it’s able to support organizations that need to maintain an air-gapped infrastructure,” highlighting, in our opinion, the company’s commitment to meeting diverse security needs.

The report also noted that ESET has dominant prevention engines for malware and exploits targeted at endpoints; its mobile device security provides mobile device management, and the solution includes vulnerability and patch management for all supported endpoints.

Jakub Debski, Chief Product Officer at ESET, stated, “Safeguarding our users and their businesses against the most sophisticated advanced threats is at the core of our business mission at ESET. In today’s rapidly evolving digital landscape, it is essential for businesses to have access to robust and state-of-the-art detection and response tools. We are confident that security and risk professionals can make informed decisions for their organizations by choosing ESET’s innovative solutions — allowing the companies to focus on their operations, simplifying their security through ESET’s unified XDR platform.”

ESET believes Forrester’s recognition positions ESET as a competitive player in the endpoint security market, reinforcing the company’s reputation for delivering advanced and reliable security solutions. ESET remains steadfast in its mission to empower businesses with cutting-edge digital security tools, ensuring robust protection against evolving cyber threats. For more information about ESET and its endpoint security solutions, please read here. The full report can be downloaded here by Forrester clients or through purchase.

Simple antivirus is not enough anymore. ESET is introducing all-in-one protection for consumers

BRATISLAVA — November 15, 2023 — ESET, a global leader in cybersecurity, today announced the launch of its new innovative and streamlined offering for consumers. With more than 30 years on the market, ESET has moved to unify its broadly deployed consumer product portfolio. Specifically, ESET is introducing three brand new customer-centric subscription tiers, providing both broad and reliable digital life protection via new features, such as a Virtual Private Network (VPN) and a Browser Privacy & Security extension.

Responding to the increasing demand for an all-in-one solution that offers intuitive use of these new features, ESET is introducing an improved ESET HOME, a comprehensive security management platform. It is available across all major operating systems (Windows, macOS, Android, and iOS) and includes visibility into home networks and connected smart devices.

“At ESET, we’re thrilled to unveil our cutting-edge consumer solutions. It’s more than just security – it’s a comprehensive portfolio designed to keep our customers safe in today’s digital landscape. We’re dedicated to advancing technology without compromising their safety. Our team has poured their expertise into creating a powerful blend of AI, human insight, and cloud protection, delivering a state-of-the-art defense against a multitude of cyber threats. The new ESET HOME Security subscription tiers offer multilayered security, protect privacy, and keep the devices and homes of our customers safe. With ESET, they’re not just protected; they’re empowered to explore, connect, and thrive securely,” said Mária Trnková, Chief Marketing Officer at ESET.

Complete security management platform

Research among ESET customers shows that the vast majority of ESET HOME users define themselves as home admins, those who take care of their household’s digital security. They are tech savvy but don’t want to spend much time managing ESET products. To meet customers’ needs, ESET has made improvements to ESET HOME. Now, as a complete security management platform, it is a seamless part of the user experience. In this version, users can manage devices, make online purchases, activate and renew subscriptions, download or upgrade security solutions, and enable powerful functionalities like VPN security, Password Manager, and more.

To enhance user experience and simplify the platform’s management, ESET has made several interface changes, including the introduction of Overall Protection Status, so users can see the level of protection for their households in one view. This combines both the validity status of a user’s subscriptions and the security status of devices connected to the account in three categories: Protected, Attention Required, and Security Alert.

These changes aim to provide customers with cutting-edge protection, while minimal interaction is needed to set up the product. At the same time, this new ecosystem provides meaningful options and functionality for proactive users who want to control and customize it. ESET HOME is an easy-to-use web portal and mobile app available for both iOS and Android.

Explore new subscription tiers and their features

Also introduced with this launch are three subscription tiers for this new ecosystem—ESET HOME Security Essential, ESET HOME Security Premium, and ESET HOME Security Ultimate. Subscription tiers provide all-in-one protection, from the entry-level of protection up to the ultimate level, covering the complex needs of individuals and their households for digital life privacy and security. ESET HOME Security subscriptions are available on all major operating systems—Windows, macOS, Android, and iOS.

ESET HOME Security Essential is an entry-level subscription tier with protection features, including improved modern endpoint security and multilayered real-time protection, as well as additional tools that further enhance the user’s ability to protect against various threats. Included are the Safe Banking and Safe Browsing features, designed to protect users’ sensitive data, and Network Inspector, a diagnostic tool providing information on the security of the user’s router and display of devices connected to the network. Newly developed browser extensions provide enhancement of the Browser Privacy & Security feature. This includes cleanup tools, such as Browser Cleanup, which cleans cookies, history, and much more from the browser, regularly or on demand.

The middle tier, ESET HOME Security Premium, extends the feature set further by adding other security functionalities, such as a Password Manager, which protects and stores users’ passwords and personal data. This includes an automatic and accurate form-filling feature, saving users time when filling out web forms. Secure Data functionality boosts their privacy and security with powerful encryption of files and removable media, preventing data theft in the event of USB or laptop loss and ensuring secure collaboration and data sharing. ESET HOME Security Premium offers the ESET LiveGuard tool, cloud-based protection specifically designed to mitigate never-before-seen threats.

ESET HOME Security Ultimate is the most advanced subscription tier; it seamlessly provides complex all-in-one protection and introduces a brand-new ESET feature: VPN. This feature is also complemented by the browser extension functionality (Browser Privacy & Security), to ensure that the user’s browsing is protected. Additionally, Metadata Cleanup removes metadata from pictures uploaded through browsers on Windows. Website Settings Review allows users to easily review and change permissions granted to websites.

Enhancing online security: Introducing VPN feature

ESET’s new VPN feature offers users a confidential internet experience by establishing a private network connection guaranteeing protection while using public Wi-Fi, and enforcing a strict no-logs policy to make it more difficult to track. It encrypts users’ online activities and enables unlimited bandwidth access to geo-restricted content, including unrestricted and private access to websites in more than 60 countries worldwide. Thanks to this feature, users can securely access their home countries’ TV shows and movies while traveling or enjoy their favorite streaming services from different parts of the world. Even more features are available on the VPN service running on desktop, including DNS leak protection, MAC spoofing, proxy gateway for other devices, firewall, and split tunneling. By adding a VPN on iOS, ESET is strengthening its presence on this platform, where Password Manager and ESET HOME are already established.

Device-tailored security solutions

ESET HOME Security takes device protection to a new level by seamlessly integrating a suite of standalone device protection solutions tailored to meet customers’ security needs. This includes ESET NOD32 Antivirus, ESET Mobile Security for Android, Parental Control for Android, and ESET Smart TV Security.

More information about the new consumer offering and subscription tiers can be found here.

ESET Research: Infamous IoT botnet Mozi taken down via a kill switch

  • ESET researchers have observed the sudden demise of one of the most prolific Internet of Things (IoT) botnets: Mozi has been responsible for the exploitation of hundreds of thousands of devices a year since 2019.
  • ESET observed a drop in Mozi’s activity in India and China in August, later discovering a kill switch that disabled the malware and stripped the Mozi bots of their functionality.
  • There are two potential instigators for this takedown: the original Mozi botnet creator or Chinese law enforcement, perhaps enlisting or forcing the cooperation of the original actor or actors. The sequential targeting of India and then China suggests that the takedown was carried out deliberately, with one country targeted first and the other a week later.

BRATISLAVA — November 1, 2023 — ESET Research recently observed the sudden demise of one of the most prolific Internet of Things (IoT) botnets, named Mozi, infamous for exploiting vulnerabilities in hundreds of thousands of IoT devices each year. ESET observed an unanticipated drop in activity that began in India and was also seen in China a week later. The change was caused by an update to the Mozi bots that stripped them of their functionality. A few weeks after these events, ESET researchers were able to identify and analyze the kill switch that caused Mozi’s demise.

“The demise of one of the most prolific IoT botnets is a fascinating case of cyber forensics, providing us with intriguing technical information on how such botnets in the wild are created, operated, and dismantled,” says ESET researcher Ivan Bešina, who investigated the disappearance of Mozi.

On September 27, 2023, ESET researchers spotted a control payload (configuration file) inside a UDP message that lacked the usual bot functionality; its only purpose was to act as the kill switch responsible for Mozi’s takedown. The kill switch stopped the parent process (the original Mozi malware) and disabled certain system services, replaced the original Mozi file with itself, executed certain router/device configuration commands, and disabled access to various ports.

Despite the drastic reduction in functionality, the Mozi bots kept their persistence, indicating a deliberate and calculated takedown rather than an accidental crash. ESET’s analysis of the kill switch showed a strong connection between the botnet’s original source code and the recently used control payloads, which were signed with the correct private keys; only a party holding those keys could have pushed a payload the bots would accept.
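The reason the signature matters is easiest to see in code. The following Go program is an added illustration, not ESET’s code and not Mozi’s real wire format; the payload layout (JSON with `kill` and `ports` fields), the `ControlPayload`/`BotState` names and the use of P-256 ECDSA are assumptions made for the example. It models a bot that applies a configuration only when the signature verifies under the operator key embedded in the binary, shows that a kill-switch payload signed with some other key is ignored, and then applies a genuine kill switch that stops the bot and closes its ports while leaving its persistence in place, which is the behaviour the analysis above describes.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// ControlPayload is a hypothetical model of a signed bot configuration message.
// It is not Mozi's wire format; it only captures the property the analysis
// relies on: a bot acts on a payload only if the signature verifies under the
// operator's key.
type ControlPayload struct {
	Config    []byte // raw configuration body (assumed JSON layout, see config)
	Signature []byte // ASN.1 DER ECDSA signature over SHA-256(Config)
}

// config is the assumed JSON body carried inside a payload.
type config struct {
	Kill  bool  `json:"kill"`  // true: act as a kill switch
	Ports []int `json:"ports"` // ports the bot should expose
}

// BotState is the minimal state the model bot keeps.
type BotState struct {
	OperatorPub *ecdsa.PublicKey // public key baked into the bot binary
	Alive       bool             // false once a kill switch has been applied
	OpenPorts   map[int]bool     // ports currently exposed by the bot
	Persistent  bool             // persistence stays in place even after the kill
	ConfigSeen  int              // number of payloads that passed verification
}

func newBot(pub *ecdsa.PublicKey) *BotState {
	return &BotState{OperatorPub: pub, Alive: true, OpenPorts: map[int]bool{}, Persistent: true}
}

// signPayload produces a payload signed with the given private key.
func signPayload(priv *ecdsa.PrivateKey, body []byte) (ControlPayload, error) {
	h := sha256.Sum256(body)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h[:])
	if err != nil {
		return ControlPayload{}, err
	}
	return ControlPayload{Config: body, Signature: sig}, nil
}

// Apply verifies the payload and, only on success, mutates the bot state.
// A payload signed with any other key is rejected and nothing changes.
func (b *BotState) Apply(p ControlPayload) error {
	if !b.Alive {
		return errors.New("bot already disabled")
	}
	h := sha256.Sum256(p.Config)
	if !ecdsa.VerifyASN1(b.OperatorPub, h[:], p.Signature) {
		return errors.New("signature check failed: payload ignored")
	}
	var c config
	if err := json.Unmarshal(p.Config, &c); err != nil {
		return err
	}
	b.ConfigSeen++
	if c.Kill {
		// Model of the observed kill switch: stop the bot and close its ports;
		// Persistent is deliberately left true, as the real bots kept persistence.
		b.Alive = false
		for port := range b.OpenPorts {
			b.OpenPorts[port] = false
		}
		return nil
	}
	for _, port := range c.Ports {
		b.OpenPorts[port] = true
	}
	return nil
}

// RunScenario creates an operator key, a bot that trusts it, and an unrelated
// attacker key. It applies a genuine config opening port 8080, then a forged
// kill switch (expected to be rejected), then a genuine kill switch.
// It returns the final bot state, the error from the forged attempt, and any
// unexpected error.
func RunScenario() (*BotState, error, error) {
	operator, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	attacker, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	bot := newBot(&operator.PublicKey)

	normal, _ := signPayload(operator, []byte(`{"kill":false,"ports":[8080]}`)) // constructed sample
	if err := bot.Apply(normal); err != nil {
		return bot, nil, err
	}
	forged, _ := signPayload(attacker, []byte(`{"kill":true}`)) // constructed sample, wrong key
	forgedErr := bot.Apply(forged)
	kill, _ := signPayload(operator, []byte(`{"kill":true}`)) // constructed sample, right key
	if err := bot.Apply(kill); err != nil {
		return bot, forgedErr, err
	}
	return bot, forgedErr, nil
}

func main() {
	bot, forgedErr, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("forged kill switch: %v\n", forgedErr)
	fmt.Printf("alive=%v persistent=%v ports=%v accepted=%d\n",
		bot.Alive, bot.Persistent, bot.OpenPorts, bot.ConfigSeen)
}
```

The design point is the one the analysis turns on: because the bot checks the signature before doing anything, a third party cannot make a fleet of bots disable itself without the operator’s private key, which narrows the list of candidates to whoever holds (or obtained) that key.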

“There are two potential instigators for this takedown: the original Mozi botnet creator or Chinese law enforcement, perhaps enlisting or forcing the cooperation of the original actor or actors. The sequential targeting of India and then China suggests that the takedown was carried out deliberately, with one country targeted first and the other a week later,” explains Bešina.

For more technical information about the demise of the Mozi botnet, check out the blog post “Who killed Mozi? Finally putting the IoT zombie botnet in its grave”. Make sure to follow ESET Research on Twitter (now known as X) for the latest news from ESET Research.

