Apple devices vulnerable to hacker attack that mimics app names

Hackers are targeting devices that run Apple Inc. operating systems by creating fake programs that mimic real e-mail and game applications to steal a user's information, cybersecurity company FireEye Inc. said.

FireEye is calling the trick a Masque Attack, the company said in a blog post today. It takes advantage of a flaw in Apple's iOS 7 and 8 mobile software that lets hackers install fraudulent apps on devices through e-mail and text messages as long as the fake program has the same file name as the legitimate one.

Devices running Apple software, long considered safer from hackers than systems like Microsoft Corp.'s Windows and Google Inc.'s Android, have become more common targets. The Masque Attack technique is the same one used by WireLurker, malware discovered by security provider Palo Alto Networks Inc. that was designed to steal information from apps running on Apple's operating systems for personal computers and mobile gadgets.

Following the announcement of WireLurker last week, Apple said it had begun blocking malicious software aimed at users of its products in China.

FireEye demonstrated Masque Attack by replacing the Gmail application with a fake, which was capable of stealing login information as well as e-mails.

Representatives for Cupertino, California-based Apple didn't immediately return calls and e-mails seeking comment. FireEye, based in Milpitas, California, said that Apple has been notified of the vulnerability and is fixing it.