Hackers have figured out how to persuade iPhone users to install malicious apps on their iPhones without their knowledge. The apps may look and perform like the real thing, but they're controlled by hackers.

The installations occur when users unwittingly click on web links that trigger the downloads. Bogus apps include malware versions of Twitter, Facebook, WhatsApp. The attacks work by duping smartphone users into installing the malicious apps without their knowledge. If a user clicks on an infected link while browsing the web, then Masque can download an app onto an iPhone without the users knowing.

Researchers said they discovered and disclosed to Apple, the vulnerability exploited by the WireLurker malware, which targeted iOS mobile devices. Some experts claim that now WireLurker is the only existing malware, which uses the bug in iOS.

Although Apple tried to annul the certificates used by the malware quickly, but the problem is that the flaw relates to an iOS enterprise provisioning failure to double check the identity of a given app against its digital certificate when the developer does not upload the application to the App Store. It gives attackers the ability to replace legitimate iOS apps with malicious ones without notification.