Hackers are taking advantage of vulnerability in Apple's iOS mobile operating system to install malicious software disguised as popular apps such as Facebook, Twitter and WhatsApp to steal personal information.
The installation happens when a user clicks a link that may have been sent to them via email, text message or even a fake advert on a website, according to a new report by cybersecurity firm FireEye.
A fake and malicious app is installed that looks like the legitimate version on a user's device. And unlike the normal version of the app, the hacker's version can steal sensitive information and send it back to a remote server.
"It can look at the historical data that app might have saved depending on the type of app," Simon Mullis, global technical lead at FireEye, told CNBC.
"For a corporate user, it could be catastrophic if hackers get insight into internal negotiations and corporate crown jewels at risk."