X-Agent, also referred to as “Sofacy,” is a remote access toolkit that works against the Android operating system and Apple’s iOS. This malware is known for its association with the state-sponsored hacker group “FANCY BEAR,” also known as “Sofacy” or “APT28,” a group tied to Russian Military Intelligence (GRU).
In August, Apple pushed an emergency iOS update to patch zero-day vulnerabilities, dubbed Trident. The zero-days include CVE-2016-4655, a memory corruption vulnerability, CVE-2016-4656, a kernel base mapping vulnerability, and CVE-2016-4657, a kernel memory corruption vulnerability that leads to jailbreaking the device. The Israeli software company NSO Group sold the vulnerabilities and the spyware used to exploit them, called “Pegasus.”
Wirelurker is a mobile Trojan affecting Mac OS X and iOS devices. The malware infects a Mac device, then lies dormant until an iOS device is connected by USB, at which point it downloads itself onto the iOS device through the USB cable.
Fusob is one of the most prevalent forms of mobile ransomware. According to Kaspersky, Fusob represents over 56 percent of mobile ransomware activity between 2015 and 2016. US users make up approximately 11.4 percent of all Fusob victims. For US victims, the ransomware displays a screen with a statement claiming to be from the NSA, demanding a ransom for illegal actions taken and stating that a criminal case will be opened if the fine is not paid.