What’s ironic about this is that this spyware was initially developed to target Android devices, but it now seems to have found its way onto iPhones. The app disguises itself as a carrier assistance app where when installed, it can secretly record things like your photos, videos, audio recordings, contacts, and your real-time location. It can also be triggered to listen in on the calls of its victims.
As to how it managed to get past Apple’s security, it seems that the developer signed the app using an enterprise certificate. These certificates are meant to be used for apps that are distributed internally, such as those used within a company, and aren’t meant for public distribution.
If you’re wondering why this sounds familiar, it is because earlier this year, both Google and Facebook ran into some issues with Apple when they tried to distribute certain apps to the public using their enterprise certificates. That being said, it is unclear who this app is targeted, but so far it seems to be targeting users in Italy and Turkmenistan.