Holiday Tech Alert: Krampus-3PC Malware Targeting iPhones

New research shows that criminal malware has been targeting our mobile devices for quite some time now. We all have heard about Android devices being vulnerable to different types of malware threats, but iPhone users believe their devices are always protected. The iPhone is used so commonly, some criminal malware campaigns have been launched targeting iPhone users only. Recently, an iPhone specific malware campaign, Krampus-3PC, was found secretly accessing iPhone users information.

What is Krampus-3PC?

According to the Media Trust’s Digital Security Team, Krampus-3PC is a new malware campaign that is affecting iPhone users that visit 100 publisher websites. This malware is unique, using a multi-step redirecting mechanism and other impressive methods to avoid scanning and blocking tools. Krampus-3PC is unusual because, unlike most campaigns that only use one redirection method, this campaign uses a second redirect to ensure the user is brought to the fraudulent pop-up. 

What Can Happen To My Phone?

iPhone users browsing the web are being exposed to these malware pop-ups, and these attacks are taking place without any interaction from the device. These pop-ups can be disguised as grocery store reward ads or any other “reward”. It will even open the same ad in a second window if the first attempt fails.  

Krampus-3PC could then hijack the browser of the device, and potentially allow these attackers to log into the user’s various online accounts. The malware developers are looking to get as much data as possible from infected iPhone users. With mobile devices making up for almost 50% of internet traffic, this malware can access way more than just geolocations, call history, and internet searches.

The creators of this campaign are also be able to gather user session information including:

  • Cookie ID
  • Country
  • Click Tag
  • Webpage local storage data
  • Adtechstack banner data

There are rumors going around that this malware could be banned, but that won’t stop these criminals. Malvertising campaigns will continue to be launched, and iPhone users need to make sure that their devices stay protected. Educate yourself on these different types of attacks and make sure your not left vulnerable to the latest cybersecurity threats.