Exodus is a fake carrier assistance app. Once it has been installed on your device, it can secretly harvest your contacts, audio recordings, photos, videos, and device information like real-time location data.
Although there was no data to show who might have been targeted, the researchers noted that the malicious app was served from fake sites purporting to be cell carriers in Italy and Turkmenistan.
The developer abused their Apple enterprise certificates to bypass the App Store, similar to what companies like Facebook and Google did. Unlike its Android counterpart though, the iOS version hasn’t been widely distributed. The researchers don’t know how many Apple users have been affected.