
A new wave of cyberattacks targeting iPhone users has emerged, with malware dubbed “Infostealer” compromising millions of devices and putting bank accounts at risk. Security experts warn that the malware spreads through phishing campaigns and exploits NFC-based payment systems, leading to significant financial losses. The FBI and cybersecurity firms have issued urgent advisories, urging users to update devices and disable vulnerable features.
Threat Overview
The “Infostealer” malware, first detected in 2023, has evolved into a more sophisticated threat in 2025. According to Kaspersky, over 26 million devices were infected between 2023 and 2024, with losses exceeding $50 million due to NFC-based theft. The malware primarily spreads through fake iOS update prompts delivered via SMS or email. Once installed, it harvests banking credentials and intercepts NFC transactions, cloning payment cards in real-time. The FBI has linked some attacks to Chinese-affiliated threat actors, including the “Salt Typhoon” group, which has exploited telecom vulnerabilities to intercept call metadata.
Attack Vectors and Technical Details
The malware employs multiple infection methods, including:
- Phishing Kits: Attackers use domains like .TOP and .CYOU to distribute fraudulent messages impersonating toll services or banking alerts.
- NFC Exploitation: The “SuperCard X” variant intercepts card data during contactless payments, requiring no physical access to the device.
- Zero-Click Exploits: Spyware leveraging iMessage vulnerabilities (CVE-2021-30860) can infect devices without user interaction.
Public Wi-Fi networks have also been weaponized, with hackers intercepting unencrypted data from auto-joined hotspots. The NSA recommends disabling auto-join features and using VPNs to mitigate this risk.
Mitigation Strategies
Security experts, including Kurt Knutsson, recommend the following countermeasures:
- Enable Lockdown Mode (Settings > Privacy & Security) to block spyware.
- Disable NFC when not in use (Settings > Wallet & Apple Pay).
- Update to iOS 18.2, which allows third-party encrypted messengers like Signal to replace iMessage.
The FBI emphasizes reporting phishing attempts to IC3.gov and verifying suspicious charges through official websites.
Relevance to Security Professionals
For security teams, the “Infostealer” campaign highlights the need for:
- Enhanced monitoring of phishing domains and SMS-based threats.
- Network traffic analysis to detect unusual NFC-related activity.
- Patch management to address zero-day vulnerabilities like CVE-2021-30860.
Organizations should also review their BYOD policies, as infected personal devices can compromise corporate networks.
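As an added example (not code from the article or from any vendor it names), a defender-side triage rule for the SMS lures described above: it flags a message only when a link on a .TOP or .CYOU domain appears together with a toll-service, banking-alert or fake iOS update lure. The sample messages and domain names are constructed for illustration.

```python
"""Smishing triage: flag SMS text that pairs a suspicious-TLD link with a lure."""
import re
from dataclasses import dataclass, field

# Bare or scheme-prefixed hostnames; group 1 is the host part.
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/[^\s]*)?", re.I)
SUSPICIOUS_TLDS = {"top", "cyou"}  # TLDs named in the article

# Lure themes the article attributes to this campaign.
LURES = {
    "toll": re.compile(r"\b(toll|unpaid|e-?zpass|fastrak)\b", re.I),
    "banking": re.compile(r"\b(account (?:is )?(?:locked|suspended)|verify your (?:card|account))\b", re.I),
    "ios_update": re.compile(r"\b(ios|iphone) (?:update|security patch)\b", re.I),
}

@dataclass
class Verdict:
    suspicious: bool
    domains: list = field(default_factory=list)  # hosts on a suspicious TLD
    lures: list = field(default_factory=list)    # lure themes matched

def extract_domains(text: str) -> list:
    return [m.group(1).lower() for m in URL_RE.finditer(text)]

def triage(text: str) -> Verdict:
    bad_tld = [d for d in extract_domains(text) if d.rsplit(".", 1)[-1] in SUSPICIOUS_TLDS]
    lures = [name for name, rx in LURES.items() if rx.search(text)]
    # Require both signals: a lure alone is common in legitimate notices and a
    # .top link alone is not proof; the combination matches this campaign.
    return Verdict(bool(bad_tld and lures), bad_tld, lures)

def count_flagged(messages: list) -> int:
    return sum(triage(m).suspicious for m in messages)

# Constructed sample messages (domains are invented placeholders).
SAMPLE_MESSAGES = [
    "FasTrak: Unpaid toll balance of $6.99. Avoid a $50 fee, pay now at https://fastrak-pay.top/bill",
    "Apple Pay alert: your account is locked. Verify your card at secure-appleid.cyou to restore access.",
    "Your package is out for delivery. Track it at https://www.example.com/track",
    "Unpaid toll notice: see https://www.example.com/account",
    "Your iPhone needs an iOS update. Install at ios-update-secure.top before midnight.",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(triage(msg), "<-", msg[:50])
```

The fourth sample shows the deliberate false-positive guard: a toll lure pointing at a .com host is reported with its lure but not flagged.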
Conclusion
The “Infostealer” malware represents a significant escalation in mobile threats, combining social engineering with technical exploits. While Apple has released patches, user awareness remains critical. Security teams should prioritize threat intelligence sharing and adopt layered defenses to mitigate risks.
References
- “iPhone and Android Users Bombarded by Chinese Attack—Do Not Ignore FBI Warning,” Forbes, Mar. 23, 2025.
- “FBI IC3 Alert: Salt Typhoon Telecom Exploits,” Mar. 2025.
- “Apple Spyware Warning Update,” Yahoo Finance, Sep. 2021 (Updated 2025).
- “Cleafy Research: Toll Scam Campaigns,” Mar. 21, 2025.
- “APWG Q4 2024 Phishing Trends Report,” 2024.