Someone holding an iPhone in their hands while standing on the street
Getty Images

Krampus malware drops on to iPhones during the holiday season

A malicious program captured cookies and other identifiers to allow them to log-in to accounts people had logged into on their browsers

Like GearBrain on Facebook

Just in time for the holidays comes a malware named Krampus, the creature that punishes the bad children during the holiday season. The program is impacting iPhone users only — and actively seeking them — and appears to hijack those who visit specific online newspapers and weekly news magazines, with some based in the UK.

Read more:

Discovered by The Media Trust, a U.S.-based advertising tech company, the malware brings up a popup advertising that looked like a grocery store reward spot, and asked for personal information. But instead, in the background, the program accessed a user's country and also their online cookies, which meant the hackers could also log on to online accounts of those who had been compromised. They also captured details, like someone's phone number, even if a victim didn't enter that detail into the fake pop up ad.

Malware Detected Warning ScreenThe malware captures cookies which lets hackers log on to users accounts Getty Images/iStockphoto

Called Krampus 3PC, the malware is particularly slithery. Once a user activated the program, Krampus 3PC could then get control of the browser, sending users to fake sites, and if there were other tabs open — like those for a bank — it could get into those accounts even during a later time, said The Media Trust.

The ad tech firm discovered the malware in October, and found it was active during that month and also November, and had traveled to other countries, not just readers in the UK. The program also managed to get around malware blockers, noted the report.

Specific publishers were not named by the The Media Trust in their report. Users who spot fake ads and popups should close their browser immediately — although by then the access may already have happened. But it goes without saying, people should never enter information about themselves into random popups that appear on their screen promising savings on their grocery bill, or frankly anywhere.

Like GearBrain on Facebook
The Conversation (0)

GearBrain Compatibility Find Engine

A pioneering recommendation platform where you can research, discover, buy, and learn how to connect and optimize smart devices.

Join our community! Ask and answer questions about smart devices and save yours in My Gear.

Top Stories

Weekly Deals