Your Apple iPhone and iPad may be the victim of a nasty malware attack. This one, like the WireLurker attack in 2014, targets Apple users who download apps.
This attack, called SideStepper, gives hackers full access to your iPhone or iPad. The attackers are taking advantage of a pretty serious security loophole on some Apple devices.
Some companies use a system called Mobile Device Management (MDM) to automatically send employees apps. These aren't apps that Apple reviews and, because they're from their employer, a lot of people just let them install.
The SideStepper attack starts with a phishing text to download an app. However, you're alerted that doing so may be a security risk. But since you think it's your company's own app, you might click on it.
Once SideStepper is on your iOS device, it automatically installs malicious apps each time you accept new apps that you think are coming from your company. Apple confirmed the attack, and issued a statement:
"This is a clear example of a phishing attack that attempts to trick the user into installing a configuration profile and then installing an app. This is not an iOS vulnerability. We've built safeguards into iOS to help warn users of potentially harmful content like this.
"We also encourage our customers to download from only a trusted source like the App Store and to pay attention to the warnings that we've put in place before they choose to download and install untrusted content."