December 17, 2014 - iOS and Android OS Targeted by Man-in-the-Middle Attacks
Akamai Contacts Rob Morton
Media Relations
617-444-3641
rmorton@akamai.com
or
Tom Barth
Investor Relations
617-274-7130
tbarth@akamai.com
Malicious actors target mobile devices; Attacks install remote access Trojans to phish for login credentials
Advisory details Xsser mRAT, a remote-access Trojan for mobile devices
CAMBRIDGE, Mass. December 17, 2014 Akamai Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today released, through the companys Prolexic Security & Research Team (PLXsert), a new cybersecurity threat advisory. The advisory alerts enterprises, governments and individuals to the Xsser mobile remote access Trojan (mRAT), which targets iOS and Android devices. The Xsser mRAT is spread through man-in-the-middle and phishing attacks and may involve cellphone tower eavesdropping for location-specific attacks. The advisory is available for download from www.stateoftheinternet.com/xsser.
Sophisticated malicious actors are targeting unsuspecting mobile device users, said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai. Attackers are impersonating or bypassing Google and Apple app stores and using social engineering to trick users into downloading unverified apps that install malicious applications such as the Xsser remote access Trojan onto a users mobile device. For example, attackers offered a counterfeit Flappy Birds app download to deliver the malicious software.
Jailbroken iOS devices at risk
Jailbreaking is the process of removing limitations and security checks in the iOS operating system in order to allow users to install applications from other application stores. In China, for example, 14 percent of the 60 million iOS devices are estimated to have been jailbroken, often to support the use of third-party Chinese character keyboard apps. Jailbroken phones are at greater risk for malware.
Mobile remote access Trojan: the Xsser mRAT
Formerly, Xsser mRAT targeted only Android devices, but a new variant infects jailbroken iOS devices. The app is installed via a rogue repository on Cydia, the most popular third-party application store for jailbroken iPhones. Once the malicious bundle has been installed and executed, it gains persistence - preventing the user from deleting it. The mRAT then makes server-side checks and proceeds to steal data from the users device and executes remote commands as directed by its command-and-control (C2) server.
Infected phones with the remote access software installed could be used for a wide variety of malicious purposes including surveillance, the stealing of login credentials, launching distributed denial of service (DDoS) attacks, and more, added Scholly. With more than a billion smartphone users worldwide, this kind of malware creates significant risks to privacy and a risk of rampant illegal activity.
The best protection is to prevent infection
It is difficult to detect whether a phone is under attack from malware such as Xsser mRAT, so a focus on prevention is necessary. Virtual private networks (VPN), two-factor authentication, peer-to-peer proximity networking and commercial phone security applications can provide some protection. Avoiding the use of free Wi-Fi hotspots and automatic connections, ignoring unexpected communications, not jailbreaking phones and not using apps from untrusted sources are some of the self-protection approaches discussed in the advisory.
Get the Man-in-the-Middle Attacks Target iOS and Android Threat Advisory to learn more
In the advisory, PLXsert shares its analysis and details, including:
Open source intelligence about attacks against mobile devices
How attackers access Android devices
How attackers access iOS devices
Man-in-the-middle GSM and CDMA vulnerabilities
Why jailbroken phones are at high risk
How Xsser mRAT ends up on mobile phones
The malicious use of the Cydia repository
Infection prevention tips
A complimentary copy of the threat advisory is available for download at www.stateoftheinternet.com/xsser.
About Akamai
Akamai is the leading provider of cloud services for delivering, optimising and securing online content and business applications. At the core of the Companys solutions is the Akamai Intelligent Platform , providing extensive reach, coupled with unmatched reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.
Most recent headlines
05/01/2027
Worlds first 802.15.4ab-UWB chip verified by Calterah and Rohde & Schwarz to be ...
01/06/2026
January 6 2026, 05:30 (PST) Dolby Sets the New Standard for Premium Entertainment at CES 2026
Throughout the week, Dolby brings to life the latest innovatio...
02/05/2026
Dalet, a leading technology and service provider for media-rich organizations, t...
01/05/2026
January 5 2026, 18:30 (PST) NBCUniversal's Peacock to Be First Streamer to ...
07/04/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
07/04/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
07/04/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
07/04/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
07/04/2026
Designed for synchronized multi-stream playback, low-latency delivery, and real-time analytics, MATCH introduces a unified viewing experience for sports broadca...
07/04/2026
Berklee Students to Honor George Martin with Performance of Original Scores The orchestra, led by associate professor Xander Rovang, will perform several work...
06/04/2026
Michigan legends bring a new voice to the broadcast as TNT Sports and CBS Sports...
06/04/2026
From high school sports all the way up to the major leagues, building high-quali...
06/04/2026
Quickplay, an AI company for the media and entertainment industry, has been accepted into the Advanced tier of the TwelveLabs Ecosystem Partner Program. Quickpl...
06/04/2026
Grass Valley has announced the Future Playmakers Program, a global initiative to...
06/04/2026
El l der de operaciones impulsa la producci n en estudio mientras encuentra insp...
06/04/2026
The ops leader helps lead the charge in studio for the Spanish-language broadcas...
06/04/2026
Behind The Mic provides a roundup of recent news regarding on-air talent, includ...
06/04/2026
The National Hockey League (NHL), in partnership with Verizon and the New Jersey Devils, today announced the opening of the NHL Innovation Lab powered by Verizo...
06/04/2026
Rock League, a new professional curling league, has announced that ESPN+ will stream its inaugural 2026 season for fans in the United States. The first Rock Lea...
06/04/2026
Advanced Systems Group has announced the appointment of Andrea (Andy) Cummis as Vice President of Systems Design and Engineering. In this role, she will lead de...
06/04/2026
Backed by Bolt Ventures, the venture brings Bryson DeChambeau, Grant Horvat, and...
06/04/2026
With this environment we can start that collaboration even earlier because we ca...
06/04/2026
Like the immortal lives of vampires, some stories never really end. That's t...
06/04/2026
As podcasting continues to evolve, growth increasingly means building beyond aud...
06/04/2026
Multiband dynamics plug-in enhanced
California-based developer FSK Audio have released a significant update for their innovative multiband dynamics processo...
06/04/2026
Share official & user-created full-rig presets
IK Multimedia's latest TONEX update makes it possible for users of the popular amp and effects modelling ...
06/04/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
06/04/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
06/04/2026
Dalet Showcases Dalia Agentic AI and End-to-End Media Workflows at NAB Show 2026
Brie Clayton April 6, 2026
0 Comments
Dalet, a leading technology and...
06/04/2026
OpenDrives Shows Off Sports Expertise in Sports Business Hub located in NAB Show...
06/04/2026
Proton to Demonstrate 3D Application at NAB 2026
Brie Clayton April 6, 2026
0 Comments
Yet further creative potential unleashed through innovation in ...
06/04/2026
Autoscript Highlights Voice-Driven Prompting and PTZ Solutions at NAB 2026
Brie Clayton April 6, 2026
0 Comments
Experience Autoscript Voice, PTZ prom...
06/04/2026
Mediaproxy Highlights Significant Enhancements to its LogServer suite at NAB Sho...
06/04/2026
Wayne, N.J., April 6th, 2026 Phantom High-Speed announces the release of PCC 4...
06/04/2026
April 6th, 2026
TRIBECA STUDIOS AND LILLY ANNOUNCE WINNERS OF INAUGURAL VITAL...
06/04/2026
Back to All News
Netflix Expands Kids Entertainment Lineup With Playground App ...
05/04/2026
Tackles all reported bugs!
SoundBridge have just announced the launch of a new update that introduces a couple of minor changes to their remote collaboratio...
04/04/2026
The University of Arizona's Men's Basketball team has only loss twice th...
04/04/2026
1080p HDR arrives, a new generation of storytelling tools takes center stage, an...
04/04/2026
Michigan legends bring a new voice to the broadcast as TNT Sports and CBS Sports...
04/04/2026
Faster, cleaner and more intuitive than ever
The control software for Flock Audio's digitally controlled patchbay systems has just been treated to an up...
04/04/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
04/04/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
04/04/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
04/04/2026
Share
Copy link
Facebook
X
Linkedin
Bluesky
Email...
04/04/2026
DHD Introduces AI-Based Audio Noise Reduction to XD3 IP Core
Brie Clayton April 3, 2026
0 Comments
The accompanying image shows the rear panel of the ...
04/04/2026
Macnica Redefines ST 2110 Flexibility with Two Speeds on One Card
Brie Clayton April 3, 2026
0 Comments
New for NAB Show 2026, MEP100 SmartNIC now sup...
04/04/2026
Unified Media Workflows for Story-Centric Production
Brie Clayton April 3, 2026
0 Comments
Framelight X unifies field capture, editing and publishing ...
03/04/2026
Michigan's Fab Five will reunite for an alternate presentation of the Mich...
December 17, 2014 - iOS and Android OS Targeted by Man-in-the-Middle Attacks 
