According to Lookout, Exodus for iOS was found on a number of phishing sites that were designed to trick customers of mobile carriers in Italy and Turkmenistan. The spyware was determined to be a stripped down port of the Android version. If installed on a device, the malicious software could steal contacts, photos, videos and audio recordings, GPS information and device location data. An attacker could use the app also perform on-demand audio recordings. The iOS variant of Exodus uploaded the stolen information to the same server as the Android malware, suggesting a direct connection between the attacks.
The Exodus attack initially used enterprise certificates signed by Apple, which made it possible for victims to install the app on their device despite downloading it outside of the App Store. Apple has since revoked those certificates, meaning the attack has largely been squashed. Still, it’s a good reminder that iOS devices aren’t immune to attacks. It’s best to stick to Apple’s official App Store to avoid falling victim to spyware.