I recently wrote a blog on mobile phishing titled: Mobile phishing – same attacks – different hooks. There was so much feedback that I’ve decided to write a few more posts around mobile security differences. Since I’ve already talked about phishing, let’s take a closer look at pharming.

Like phishing, pharming has been around for a long time, and also like phishing, that’s because it simply works. In the most general sense, pharming works by having a victim’s web traffic redirected to a fake, malicious site. This can happen via a compromise on the victim’s system that redirects that system’s traffic, or via another mechanism such as a compromised DNS server (DNS spoofing or DNS cache poisoning) that redirects many systems to fake, malicious sites.

Now consider September 2015’s XcodeGhost and its variants. XcodeGhost is a nefarious version of Apple’s integrated development environment, Xcode, that became well known when it found its way into Apple’s App Store. Put simply, an app developed with XcodeGhost could be compromised even though the developers using the XcodeGhost programming framework may not have had malicious intent. Once they submitted their app to the App Store, the “Ghost” came along for the ride.

Once installed on an iPhone, the malicious code searches for information like the device name, type, location, language, network and the like, and sends the details to an external server. From there the iOS device can be remotely commanded to trick the user into divulging information like passwords and IDs with fake prompts. The user can also be directed to websites, including malicious pharming websites. If you want to learn more about XcodeGhost, the BBC put together a great article.
Now with that very abbreviated primer or refresher on XcodeGhost, let’s get back to pharming.

If I want to conduct pharming on a mobile device, XcodeGhost can provide a phone-home mechanism built directly into the app and downloaded from the official Apple App Store, and it can do all this without the victim being aware of the compromise.

If the aforementioned DNS compromise is in play and the mobile device attempts to go to a legitimate site, it can still be directed to a malicious site. Also, if the mobile device is running an app compromised by XcodeGhost, for example, and can thus be controlled, it becomes trivial to direct a user to a pharming site. Pharming is thus successfully achieved, and the vehicle is a compromised mobile application.

Like phishing attacks on mobile, pharming has similarities to non-mobile platforms as well as unique mobile scenarios that need to be considered by stakeholders.
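One way a defender can check for the two redirection paths described above (a local override on the victim's system and a poisoned resolver answer), as an added example that is not part of the original post. It assumes a hosts-style file as the local redirect mechanism and a pinned list of known-good address ranges; the domain, resolver names and all addresses are constructed.

```python
import ipaddress

# Constructed sample data using documentation-only names and address ranges.
EXPECTED = {"login.example.com": ["192.0.2.0/24"]}  # assumed known-good ranges
HOSTS_TEXT = """\
127.0.0.1   localhost
# constructed local override
203.0.113.66  Login.Example.com  www.example.net
"""
RESOLVER_ANSWERS = {  # resolver name -> domain -> returned addresses
    "resolver-a": {"login.example.com": ["192.0.2.10"]},
    "resolver-b": {"login.example.com": ["198.51.100.7"]},
}

def in_expected(domain, ip, expected):
    """True if ip falls inside one of the known-good networks for domain."""
    nets = [ipaddress.ip_network(n) for n in expected[domain]]
    return any(ipaddress.ip_address(ip) in n for n in nets)

def hosts_overrides(hosts_text, expected):
    """Flag hosts entries that point a watched domain outside its known-good ranges."""
    findings = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        ip = fields[0]
        for name in (n.lower().rstrip(".") for n in fields[1:]):
            if name in expected and not in_expected(name, ip, expected):
                findings.append(("hosts", name, ip))
    return findings

def resolver_mismatches(answers, expected):
    """Flag resolver answers for watched domains that fall outside the known-good ranges."""
    findings = []
    for resolver, per_domain in sorted(answers.items()):
        for domain, ips in per_domain.items():
            name = domain.lower().rstrip(".")
            if name not in expected:
                continue
            for ip in ips:
                if not in_expected(name, ip, expected):
                    findings.append((resolver, name, ip))
    return findings

def audit(hosts_text, answers, expected):
    return hosts_overrides(hosts_text, expected) + resolver_mismatches(answers, expected)

if __name__ == "__main__":
    for source, domain, ip in audit(HOSTS_TEXT, RESOLVER_ANSWERS, EXPECTED):
        print(f"ALERT {domain} -> {ip} (seen via {source})")
```

A pinned range list goes stale when a site legitimately changes hosting, so a finding here is a prompt to investigate rather than proof of redirection.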