One of the most common manifestations of malware is adware.
Adware comes in two forms. The first is generic spam/bait/purchase advertisements. They are typically delivered to you by link from a malicious website. These are fairly common, which is why we are so worried. Unfortunately they are also being spread through Facebook and other social media sites like Gmail and Yahoo.
The second type is more sophisticated and is more likely to work by injecting malicious JavaScript or Flash code onto your computer and redirecting it to a remote server.
These types of adware have been around since the start of computer security but this is the first time I have heard of them specifically targeting the iOS platform. They also likely employ some form of remote access capabilities like the ones described by the Krebs On Security blog.
In addition to this there have been reports that the “supercookie” (a unique, persistent URL) you enter into websites you visit is sent back to Apple. The more often that supercookie is used, the more likely that an Apple device is infected with adware.
So now you know how to protect yourself, the next question is what should you do about it? The first thing is to be proactive, which is the best thing you can do when it comes to protecting your device and online.
Don’t click on links from email
I personally like to just avoid email altogether. The more I read it, the less I like to. I really wish I did not need to click on anything ever again. But this is just a personal opinion, and I wouldn’t recommend it as a general solution for your online security.
If you do decide to use email to log in, make sure you are not clicking links from spam emails. Email based attacks are incredibly common, and if you use a spam filter (especially one that can match IP addresses) then you are already probably under attack anyway. Be aware of potential phishing scams and ensure you are clicking on web links that you believe to be safe.
Do not log into your mobile devices when you travel
In October of 2014, Reuters was the target of a massive cyberattack and the same kind of malware was used to destroy data and steal money from some of the news agency’s own clients. This is an example of a targeted attack, and while there are probably thousands of other examples of targeting news sites and generating revenue off this kind of data, this is an easy one to list.
iOS users should avoid using their iPhones or iPads overseas. However, if they need to communicate with family or friends in the US, it is far safer to use a computer over a phone. Any information stored on your phone can be accessed at any time and anyone with physical access to your phone could also access your contacts list and photos.
Access any Windows files remotely
This is one of the oldest tricks of malware authors and it is still regularly used today. Attackers are happy to infect your computer and install malware that has a range of other capabilities, but that usually have the purpose of uploading files to a remote server so that they can be used later for further attacks. There have been many reports of successful Windows file server infections over the years, but you may not even be aware of them. We suggest visiting websites like https://www.fortinet.com/resources/cyberglossary/access-control to start getting familiar with different network security terms.
