ET MOBILE_MALWARE Possible iOS WebView Auto Dialer 2

7.0.35.0SID: 2023501Rev: 3Enabled1 views
Sourceet/open
Fileemerging-mobile_malware.rules
CreatedNovember 11, 2016
UpdatedMarch 14, 2024
Classificationtrojan-activity
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET MOBILE_MALWARE Possible iOS WebView Auto Dialer 2"; flow:established,to_client; file.data; content:"URL=tel|3a|"; nocase; fast_pattern; pcre:"/^\+?[0-9-]{10,}[\x22\x27]/Rsi"; content:"itms-apps|3a|"; nocase; content:"setTimeout"; nocase; content:"window"; nocase; pcre:"/^\s*?\.\s*?location\s*?\.\s*?href/Rsi"; content:"for"; nocase; pcre:"/^\s*?\(\s*?(?P<var>[^\x3d\x3b\)\s]+)\s*?=\s*?0\s*?\x3b\s*?(?P=var)\s*?\<\s*?(?:0x)?\d{4,}\s*?\x3b\s*?(?P=var)\+\+\s*?\)\s*?\x7b\s*?(?P<var2>[^\x3d\x3b\)\s]+)\s*?=\s*?(?P=var2)\s*?\+\s*?[\x22\x27]\d+[\x22\x27]/Rsi"; reference:url,www.mulliner.org/blog/blosxom.cgi/security/ios_WebView_auto_dialer.html; classtype:trojan-activity; sid:2023501; rev:3; metadata:affected_product iOS, attack_target Mobile_Client, created_at 2016_11_11, deployment Perimeter, confidence Medium, signature_severity Major, updated_at 2024_03_14;)

Metadata

affected productiOS
attack targetMobile_Client
created at2016_11_11
deploymentPerimeter
confidenceMedium
signature severityMajor
updated at2024_03_14

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!