XAgent is a major threat that has been recently discovered in the iOS world. According to security researchers from Trend Micro, this spyware was created by a team of hackers known for targeting governments, journalists and army personnel. This malicious app is designed to collect a large amount of data about its victims and then send it to remote servers.
How does it operate? For starters, it infects your device by downloading itself from various phishing sites (it generally uses a vulnerability in a friend's phone to send you the malicious link). Once inside your gadget the tool starts gathering text messages, information about the place you visit (geo-locations), the data from your contact list, the images saved on the device, WiFi status and a list with all the apps you have installed. After all the data has been collected, the spyware packages it and sends it to a server that is controlled by the hackers. A very underhanded feature is XAgent's capability to help others listen to everything you are saying by covertly turning on your phone's microphone.
The spyware is capable of infecting iOS 7 as well as iOS 8 operating systems and it doesn't matter if your device is jailbroken or not. While on iOS 7 the malware hides itself so it's very hard to spot, on iOS 8 it can't become invisible and it requires a manual launch each time you reboot the phone. This can only mean it was written for iOS 7 so it has been passing around undetected for quite a while.
There is no official data about the identity of the hackers behind XAgent, but Trend Micro believes that pro-Russian group called Operation Pawn Storm to be the author. While the spyware itself is very hard to reveal once it gets inside your phone, the best way to keep yourself safe is by not clicking and especially not downloading content from suspicious links.