[for-q-clinton]

So is this only on jail break phones or is it on a normal iPhone? No way can this be on normal iPhone right? No way could Apple screw up this bad.

[Swordmaker]

So is this only on jail break phones or is it on a normal iPhone? No way can this be on normal iPhone right? No way could Apple screw up this bad.

This is on regular CHINESE iOS App Store devices. The exposure outside of China is extremely limited. It does not require jailbreaking the iPhone or iPad. The claim that private data can be stolen or that the seems to be compromised apps can be used to download and install other malware has not been proved to be true as no secondary malware has been found. The malware encrypts and uploads the following:

• Current time
• Current infected app’s name
• The app’s bundle identifier
• Current device’s name and type
• Current system’s language and country
• Current device’s UUID
• Network type
• Prompt a fake alert dialog to phish user credentials
• Hijack opening specific URLs based on their scheme, which could allow for exploitation of vulnerabilities in the iOS system or other iOS apps;
• Read and write data in the user’s clipboard, which could be used to read the user’s password if that password is copied from a password management tool.

The only serious issue is the hijacking of specific URLs, but it is SPECIFIC URLs pre-programmed for the Chinese networks. . . and most of those have security certification which will block that approach.

Phishing for credentials by having a sudden, out-of-the-blue, pop-up asking for an AppleID and password, unassociated with something you are doing is a red flag for anyone paying attention.