See the FireEye article here
Hackers are taking advantage of vulnerability in Apple's iOS mobile operating system to install malicious software disguised as popular apps such as Facebook, Twitter and WhatsApp to steal personal information.
The installation happens when a user clicks a link that may have been sent to them via email, text message or even a fake advertisement on a website, according to a new report by cybersecurity firm FireEye.
A fake and malicious app is installed that looks like the legitimate version on a user's device. And unlike the normal version of the app, the hacker's version can steal sensitive information and send it back to a remote server.
The hack could potentially be used on different mobile operating systems but so far FireEye has only seen it employed on iOS version 8.1.3 and before. This particular hack also works on iOS devices that haven't been modified to bypass certain restrictions imposed by Apple -- which were typically seen as safe from attack.
This attack was discovered from the 400GB worth of files leaked when an Italian company that sells surveillance technology to governments was hacked last month.
The data dump from Hacking Team is likely to lead to more severe attacks, according to FireEye, which many are not prepared for.