Forgot your password?
typodupeerror
Windows Apple

Malware Strikes Apple iOS App Store Again 94

Posted by Unknown Lamer
from the clever-marketing-campaign-for-osx dept.
tlhIngan writes "Well, it's happened again. Malware has slipped past Apple again and appeared in the iOS App Store. This time though, an iOS application came bundled with two Windows executables containing relatively old malware. It will not infect an iOS device nor Macs, but might affect Windows iTunes users. Looks like Apple needs to update their Windows malware scanner for iOS app submissions now."
This discussion has been archived. No new comments can be posted.

Malware Strikes Apple iOS App Store Again

Comments Filter:
  • by Zibodiz (2160038) on Wednesday July 25, 2012 @10:35AM (#40764819)
    This just seems like a lot of work to infect a windows PC. Especially considering the relatively good track record Apple has at preventing malware from appearing on their platform. I almost half wonder if this is more of a proof-of-concept for a bored hacker.
    • Re:A lot of work? (Score:4, Insightful)

      by Microlith (54737) on Wednesday July 25, 2012 @10:37AM (#40764853)

      Or more likely a case of ridiculous ineptness on behalf of the developer and incompetence on Apple's behalf. It is possible, despite protestations to the contrary.

      • by Anonymous Coward

        Apple's incompetence? You are suggesting that Apple is responsible for detecting Malware that affects non-Apple OSes? Should they should look for Linux malware also?

        And does this apply to other app stores? Should the Windows app store look for malware that affects Apple or Linux? How about Google Play?

        Should Apple be responsible for detecting all possible variants of all known malware in Windows? Maybe they should be responsible for detecting zero-day exploits in Windows? Perhaps you'd like Apple to r

        • by Anonymous Coward

          Apple doesn't have a responsibility to detect malware at all. They could just sell you the hardware and software and call you an idiot if you execute a program that does something you don't want.

          It is however in their best interest to prevent their phone from becoming an infection vector through which their users' PCs could be compromised. Mostly because it will adversely affect sales if they don't.

        • Re: (Score:2, Interesting)

          by Ryanrule (1657199)

          They sold it. They are liable.

          • by EGSonikku (519478)

            Liable for what? Show me a single user whose Computer was infected due to this app. If you read and understood the article you'd know you couldn't show me a single infected user.

            • Re:A lot of work? (Score:4, Interesting)

              by Ryanrule (1657199) on Wednesday July 25, 2012 @02:54PM (#40768491)

              You are paying for software, and you get send a virus. You don't even know. It gets dropped into a folder you never even think to touch. Now this time, nothing happened. This time. If apple isn't firing people over this, then they do not know what they are doing.

        • Windows users still outnumber Mac users by a large margin. Considering even the summary says this was "relatively old," it would be trivial for Apple to set up an automated virus scan for app store submissions. I'd argue theyshould have been doing this all along.

          • by toriver (11308)

            What's the probability an iOS app ships with Windows executables inside at all? There is no point in checking for any theoretical content except that which can affect its intended environment: iOS. What next, look through included PDFs to see if they exploit bugs in Adobe Reader?

        • Should the Windows app store look for malware that affects Apple or Linux?

          If they are going to be selling apps which may be expected to have an executable component on Apple or Linux machines, then yes.

        • by jrroche (1937546)
          If Apple is going to market their walled garden as a safe alternative to the Mad Max dystopian hellscape of Google Play, with bands of pirates riding around on patchwork motorcycles, hunting down developers trying to make an honest living and unsuspecting users trying to play their "hit thing with bird" games -- then yes, Apple does have some responsibility to carry through on their end of that bargain. However, given the wild exaggeration of Siri's capabilities in their commercials, Apple seems to take its
        • Apple's incompetence? You are suggesting that Apple is responsible for detecting Malware that affects non-Apple OSes? Should they should look for Linux malware also?

          If they're going to run a "curated" app store, then wouldn't it stand to reason that they actually curate their app store? If you can bundle any random files in your app that you want to, and Apple will approve the app, then Apple is distributing those files for you. You could bundle child porn images using whatever filenames you want even, add them into an otherwise frivolous app, put that on the app store for $.99, advertise it wherever those things are currently advertised with instructions about how t

      • The way the malware shows up in the IPA, it looks like the developer opened the folder path on an infected Windows machine prior to packaging it up. The filenames indicate the folders were infected by live malware (as the malware names the dropped files after the folder it puts them in, which is the case here).

  • by Anonymous Coward

    It's not clear how this even an infection vector for windows computers. How does the payload get executed on a windows machine?
    It's fairly clear that the dev somehow got malware files packed up in their iphone app package by accident, possibly because of an infected machine somewhere in the workflow. (Like developing content/art/etc on a windows computer)

    Judging by the app name alone, it's probably psudo-spam useless shovelware developed by outsourced programmers. The sort of place where I'd expect to see l

    • by Applekid (993327)

      It's not clear how this even an infection vector for windows computers. How does the payload get executed on a windows machine?

      Maybe that's phase 2.

      Either way, I don't know why iOS applications are allowed to distribute windows executable files. While iOS malware is definitely Apple's fault when it happens, I guess you can't really argue that Windows malware is a problem if nothing tries to execute them, and execute them as Administrator after all.

      More worrying is what ELSE is lurking in these packages that isn't inspected? What if someone is sneaking child porn in the .ipa that isn't accessed by the app proper? Kind of like how th

      • Either way, I don't know why iOS applications are allowed to distribute windows executable files. While iOS malware is definitely Apple's fault when it happens, I guess you can't really argue that Windows malware is a problem if nothing tries to execute them, and execute them as Administrator after all.

        There is probably just nothing that checks for this kind of nonsense. This is not a threat, just a big WTF.

    • Lots of people using PCs and iTunes own Apple iPods. It would be fairly trivial to spread from an iPod connected to a PC to the PC itself. This is not an accident.
      • by EGSonikku (519478)

        No, it wouldn't be trivial. The end user would have to decompress the .ipa file manually on a PC, manually browse a few directories deep, and manually open the .exe.

        There is no way for this malware to run itself at all, and a user would have to be intentionally TRYING to infect themselves for it to even run.

  • by Anubis IV (1279820) on Wednesday July 25, 2012 @10:45AM (#40765011)

    The only way it might affect them is If they decide that they want to unpackage the app's .ipa package file, extract the two virus files, and then execute them, which only iOS developers and malware researchers might have a valid reason for actually doing. As they're currently packaged, however, they're entirely inert. They weren't even being flagged by Sophos and some of the other AV software out there because of how they were packaged and the fact that there was no way for them to execute.

    This is a case of two inert files being accidentally bundled in an app package, which is a bit of a non-story, aside from the humorous aspect of it.

    • by gl4ss (559668)

      it's possible that it's an attack on crackers. though you'd think that most of those fooling around with ios app decompilation would run osx...

  • You must extract an IAP file for no reason at all, locate two windows binaries, and execute them... hmm.. sounds like a non-story to me.

  • by cpu6502 (1960974) on Wednesday July 25, 2012 @10:56AM (#40765161)

    I have both Lowbandwidth and Simple Design checked but it's still feeding me a complicated front page.

  • by Anonymous Coward on Wednesday July 25, 2012 @10:59AM (#40765211)

    I don't want to start a holy war here, but what is the deal with you Mac fanatics? I've been sitting here at my freelance gig in front of a Mac (a 8600/300 w/64 Megs of RAM) for about 20 minutes now while it attempts to copy a 17 Meg file from one folder on the hard drive to another folder. 20 minutes. At home, on my Pentium Pro 200 running NT 4, which by all standards should be a lot slower than this Mac, the same operation would take about 2 minutes. If that.

    In addition, during this file transfer, Netscape will not work. And everything else has ground to a halt. Even BBEdit Lite is straining to keep up as I type this.

    I won't bore you with the laundry list of other problems that I've encountered while working on various Macs, but suffice it to say there have been many, not the least of which is I've never seen a Mac that has run faster than its Wintel counterpart, despite the Macs' faster chip architecture. My 486/66 with 8 megs of ram runs faster than this 300 mhz machine at times. From a productivity standpoint, I don't get how people can claim that the Macintosh is a superior machine.

    Mac addicts, flame me if you'd like, but I'd rather hear some intelligent reasons why anyone would choose to use a Mac over other faster, cheaper, more stable systems.

    • Re: (Score:3, Funny)

      The 1990s just called. They want their post back.

    • If only Apple hadn't been sitting on their hands for the last 15 years they might have actually made some improvements to the OS, the hardware, the design, their support, their included software, and their consistency since then. They may have even abandoned a slower hardware architecture in favor of a better one.

      Ah, if only.

    • by Tarlus (1000874)

      I don't want to start a holy war here, but here are four paragraphs of flamebait which don't really pertain to the subject of the news post.

  • by EGSonikku (519478) <petersen.mobile@gm a i l . c om> on Wednesday July 25, 2012 @11:00AM (#40765223)

    From the sound of things this doesn't seem like an intentional attempt to infect users co punters via the App Store.

    The iOS app itself is NOT malware, and works as its supposed to. The malware is for Win32, and can do nothing on an iOS device, or a Mac, is located deep inside the .app folder directory, and has no way of launching itself. The only way for it to spread, or even run at all would be:

    Windows user browses to the iTunes backup folder
    For no particular reason at all decides to extract the contents of the .app file
    Decides to dig down a few directoies inside of that
    Out of boredom decides to run the the infected .exe.

    Rather than an intentional attempt to sneak Malware onto the App Store, it sounds more likely to me that the developer of the app was infected themselves, and unknowingly packaged it in the iOS app. Granted, Apple should be doing a virus scan before approving an App, but this malware is DOA barring the extremely unlikely scenario a user would have to do that I listed above for any chance of infection.

    • by robbo (4388)

      Suppose an attacker knows the user has this app installed and can induce them to click a link like "file://{path}/malware.exe", either through ITMS or in some other browsing context... the malware is no longer inert.

      • Except that the file isn't navigable via a path like that, since the app's package is compressed. You'd need to extract the files before you could access them like that.

      • by EGSonikku (519478)

        Not possible. For one, it's inside of an .IPA file, so the user would have to decide to manually extract the files, THEN run "file://{path}/malware.exe". At which point Windows would ask if you know WTF you are doing, and even saying yes at that point, an up to date Windows Defender would kill it.

    • by Calibax (151875) *

      Why exactly should Apple be doing a security scan for non-Apple malware? If the various app stores are responsible for checking for non-executable viruses on all platforms then Google Play should be looking for malware applicable to Windows, Apple or Linux. And by this logic the Windows store (when it appears) should be checking for malware on all platforms also.

      It's hard enough to stay on top of malware for your own platform, why should vendors be on top of malware aimed at other platforms? Especially a

      • While I agree with you to some extent, I don't think that making a best effort to be a good neighbor is a bad idea. It's simple to check, and even if you don't have 100% accuracy, the worst you're doing is setting yourself up as a carrier of inert files. Granted, that's not very neighborly, but it's not the end of the world either, except for PR reasons.

      • Hello,

        Some operating system and application developers--and online stores--scan all files with a battery of anti-malware programs before releasing them. This allows them not just to check for malicious code embedded in those files, but to avoid reports of a false positive detections on files they are going to distribute before they are released.

        Many anti-malware programs are available on multiple platforms (Windows, OS X, Linux, BSD, Solaris, and so forth) and their databases are cross platform as well, e.

  • How does Windows malware get into an iOS app package? You can generally only develop iOS apps on OS X, so someone either purposely put it there, or has some retarded app development setup that managed to suck a windows virus into an iOS package..

    Then it got deployed by Apple.

    Then in order for it to infect a target PC, you got to screw around with the iOS package file on WIndows and then purposely run content (and ignore ALL the Windows warnings). Also the malware is generally already covered by most Windo

    • by toriver (11308)

      You could intentionally add a .exe file as a resource to your Foo project, it would get included in the resulting Foo.ipa archive, but to actually run it would have to be extracted from it, which would largely be pointless to do - except if a recipient is a mischievous "asset borrower" who wants to use your game's fancy sprites in his game.

  • Affects Windows. And we care why...?
  • So it seems everyone is not too concerned about the ability to bring malware unscathed through Apple app store? I understand the malware was a windows virus was packaged up quite well in the app, and dormant unless unpackaged and executables were ran. However, wouldn't it be possible to offer an update to the app that, if connected to a windows computer, unpacks and maybe even attempts to execute? If not through an update, perhaps offer a different app that performs the functionality? I realize these quest
    • by EGSonikku (519478)

      No, because the app, and any update done to it are still iOS apps. They run on your iPhone, iPod, or iPad. There is no way for them to run code on a Windows PC to extract files from itself and run the malware.

  • Gee, I thought Apple's walled-garden approach was supposed to be really secure. I've seen a lot of Apple fanboys on slashdot recently mocking the Android model? Where are they now?
    • by EGSonikku (519478)

      I'm right here, and if you'd read the article you'd know this is a complete non-issue. I'd explain why yet again, but instead I'll tell you to see my previous explanation in these comments, or many others explanations, or advise you to read the article.

    • You don't have to be an "Apple fanboy"; you only need to be a competent Slashdot user. A quick search on Slashdot shows dozens of articles about Android malware, dating back to March 2010. iOS is up to 2, both of which are recent.

      • In grad school. I did a research paper comparing security between Android and IOS. I cited white papers for my information. There have been plenty of vulnerabilities in IOS and those are only the ones we've heard about. Apple's approach allows them to be secretive about security holes and fix them quietly...should they choose to do so. One of the big reason you hear so much about Android flaws is because the public community finds the flaws and naturally, makes the news public. While to the uninformed
  • Oddly missing from the summary, the name of the infected App: "Instaquotes Quotes Cards for Instagram"
  • by anomaly256 (1243020) on Wednesday July 25, 2012 @06:43PM (#40771349)
    Did anyone else stop and think 'That's not really fair, Mountain Lion isn't THAT bad' when they read the headline?

Thufir's a Harkonnen now.

Working...