As a digital maven, you know not to download apps onto your cell phone from unknown sources because of the potential for slick spyware. Some of this hacker software is so sly, it runs on your phone without your knowledge and allows another user to covertly creep on your texts, e-mails, photos, fave websites and even your current location. But what you may not know is that there’s a new iPhone security vulnerability that allows hackers to install malicious spy apps onto your phone that you never intended to download. Fortunately, it can be avoided.


The danger of this new vulnerability — termed the “Masque” attack — is that it persuades iPhone users to click infected web links that then download apps onto your phone. These impostor apps look and behave nearly identically to legit apps like Facebook, Twitter and WhatsApp. However, these apps are actually controlled and monitored by hackers. Once installed on the phone, the “masked” apps transmit sensitive information to a remote server and can be used to steal critical information, like your login credentials. A hijacked iPhone user may not know that he or she has fallen victim to the Masque attack until the damage has been done.


The malware apps are not hosted in the Apple Store, so the only way to unwittingly download them is through a web link that circumvents the Apple Store. This means that you can protect your data and your iPhone by only downloading apps from the official Apple Store and by avoiding suspicious phishing links.

According to FireEye, the firm that discovered the vulnerability, the attack has only been observed in iPhone users so far, but the same technique could conceivably impact the Android OS. So stay tuned and stay alert, Android users!

Do you ever download apps from outside official app stores? Let us know in the comments below!

(h/t Business Insider)