Report: Potential malware identified in Apple's App Store


An iOS game available for download from Apple's (NASDAQ:AAPL) App Store contains an embedded Trojan horse, Macworld reports.

Responding to a tip from a reader, Macworld scanned developer Simply Game's Simply Find It with the free Bitdefender Virus Scanner software and determined that the game contains Trojan.JS.iframe.BKD. Macworld then unzipped the Simply Find It file and found an MP3 including an "iframe"--HTML code that embeds a remote webpage. "In this case, the server that iframe points to--x.asom.cn--isn't actually responding at this writing," the report states. "In theory, though, malware could use a secretly-embedded iframe to load up a maliciously-crafted webpage you didn't intend to visit, and attempt to do various unpleasant things."

Macworld theorizes that Simply Game likely included the malicious code unintentionally, although the developer did not respond to a request for comment.

Security expert Rich Mogull said Simply Game is almost certainly harmless, but questioned how it landed in the App Store in the first place. "If Apple tested the app by running it in a sandbox and watching the app's activities, that would be more effective than scanning MP3s for malware strings," Mogull said, explaining that running an app reveals its real-world behaviors. Because Apple has never divulged details of its app testing process, "We don't know for sure if [any Apple malware-scanning] process worked or not. A malware link that never runs isn't a threat, and there are very legitimate ways of testing that won't find something like this if it isn't a valid exploit."

Apple declined to comment.

While Apple's walled-garden ecosystem has traditionally spared iOS from the malware threats plaguing Google's (NASDAQ:GOOG) open-source Android platform, researchers recently revealed that iOS device profiles used by mobile operators could offer hackers a means to attack iPhones. In a blog post published in March, security firm Skycure explained that carriers, mobile device management services and even some mobile applications use iOS profiles--a.k.a. mobileconfig files--to help configure key system-level settings on Apple devices. "These include Wi-Fi, VPN, email and APN settings, among others," Skycure stated. "While mobileconfigs are usually used for constructive needs and thus provide a lot of value, these same capabilities might be used by malicious attackers to circumvent Apple's security model and perform significant damage to their victims."

According to Skycure, malicious profiles could be used to remotely control mobile devices, monitor and manipulate activity, hijack user sessions and install root certificates making it possible to seamlessly intercept and decrypt secure connections used by most apps to transfer sensitive data. "A few concrete impact examples include: stealing one's Facebook (NASDAQ:FB), LinkedIn, mail and even bank identities and acting on his/her behalf in these account, potentially creating havoc," Skycure noted.

Attackers might fool consumers into downloading malicious profiles by promising them free access to premium content in exchange for installing an iOS profile that will "configure" their device accordingly or by sending them a message promising "better battery performance" or "something cool to watch" upon installation. "We identified another possible infection vector, which can prove to be very effective due to its reliance on the trust between customers and their service providers," Skycure adds. "A quick survey we did uncovered a variety of cellular carriers, many of them MVNOs, that ask their clients to install mobileconfig files in order to receive data plan access; unfortunately, these processes usually involve poor utilization of security measures."
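As an added illustration (not code from Macworld, Skycure or Apple), the Python sketch below shows how a defender could review a mobileconfig file before it is installed, flagging the payload types that touch the settings Skycure lists: root certificates, VPN, Wi-Fi, APN and email. The payload type identifiers are those of Apple's configuration profile format; the function names and the sample profile are constructed for this example, and the signature on a signed profile is not verified.

```python
import plistlib

# PayloadType identifiers from Apple's configuration profile format, each
# mapped to the capability the article attributes to mobileconfig files.
SENSITIVE_PAYLOADS = {
    "com.apple.security.root": "installs a trusted root certificate",
    "com.apple.vpn.managed": "adds a VPN configuration",
    "com.apple.proxy.http.global": "sets a global HTTP proxy",
    "com.apple.apn.managed": "changes APN settings",
    "com.apple.cellular": "changes cellular/APN settings",
    "com.apple.wifi.managed": "adds a Wi-Fi network",
    "com.apple.mail.managed": "configures an email account",
}

def load_profile(raw: bytes) -> dict:
    """Parse a .mobileconfig. A signed profile wraps the XML plist in a CMS
    envelope, so carve the XML out (best effort; the signature is not checked)."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML property list found")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def audit_profile(raw: bytes) -> list[str]:
    """Return readable findings for payloads that affect traffic or trust."""
    profile = load_profile(raw)
    findings = []
    if raw.lstrip().startswith(b"<?xml"):
        findings.append("profile is unsigned")
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype in SENSITIVE_PAYLOADS:
            findings.append(f"{ptype}: {SENSITIVE_PAYLOADS[ptype]}")
        # A Wi-Fi payload can also push a proxy for that network.
        if ptype == "com.apple.wifi.managed" and payload.get("ProxyType") in ("Manual", "Auto"):
            findings.append(f"{ptype}: proxy configured ({payload['ProxyType']})")
    return findings

# Constructed sample profile (not a real carrier or attacker profile).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Example Data Plan Settings",
    "PayloadContent": [
        {"PayloadType": "com.apple.security.root", "PayloadContent": b"constructed-placeholder"},
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "ExampleNet", "ProxyType": "Manual"},
        {"PayloadType": "com.apple.webClip.managed", "Label": "Example"},
    ],
})

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE):
        print(finding)
```

A root certificate payload in a profile that claims only to configure data plan access is the combination to treat as a red flag, since it is what enables the interception Skycure describes.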
