Tuesday, 24 July 2012

Windows malware slips into Apple's iOS App Store

It's a low-threat malware package that won't hurt iOS or MacOS but may pop Windows users who manage the app in their iTunes account.


A Windows malware worm has been found embedded in an application being distributed in Apple's App Store for iOS. The worm is a relatively low-threat malware package that will not affect the iOS or the MacOS platform but may be harmful to those who manage the app in their iTunes accounts on Windows machines.
In a recent Apple discussion forum posting, user "deesto" mentioned he had downloaded the free "Instaquotes Quotes Cards for Instagram" app from the iTunes store and noticed that his ClamXav antivirus program had flagged the downloaded file as containing the "Worm.VB-900" malware.
[Image: Malware executables within an iOS application. Symantec's free iAntivirus scanner locates two Windows executables that are flagged as containing malware.]

While the detection was at first suspected to be a false positive, further investigation revealed that the malware is present in the application package. App Store programs are distributed in the .ipa file format, which is a wrapper that contains the application package itself. Similar to OS X applications, the iOS app contains its executable files and other resources the program needs to run in iOS.
To test the claims in the discussion forum, I downloaded the Instaquotes package from the iTunes store and, scanning it with Symantec's free iAntivirus program, found that it contains the following two Windows executables that are flagged as being malware:
instaquotes.ipa/Payload/Instaquotes.app/FBDialog.bundle/FBDialog.bundle.exe
instaquotes.ipa/Payload/Instaquotes.app/FBDialog.bundle/images/images.exe
Since the downloaded .ipa file is a package, these executables could be extracted using the package manager Pacifist and then scanned more accurately. In doing so, other anti-malware programs like Sophos that initially missed detecting the malware instantly picked it up and described it as "Mal/CoiDung-A," a worm written in Visual Basic that installs files within the Windows system directory and then modifies the Windows registry to execute the malware when the system is restarted.
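The check described above can also be scripted: an .ipa is a ZIP archive, so its members can be inspected for Windows PE headers by content rather than by file extension. The following is an added example, not code from the original article; the function names are hypothetical and the sample package is constructed from harmless stub bytes laid out like the paths listed above.

```python
import io
import struct
import zipfile

def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def find_windows_executables(ipa, head_bytes=4096):
    """Return sorted member names inside an .ipa (ZIP) whose content is a PE file.

    Detection is by content, not by the .exe extension, so renamed files are caught.
    Only the first head_bytes of each member are read.
    """
    hits = []
    with zipfile.ZipFile(ipa) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                if is_pe(fh.read(head_bytes)):
                    hits.append(info.filename)
    return sorted(hits)

def build_sample_ipa() -> io.BytesIO:
    """Constructed sample: harmless stub bytes laid out like the package in the article."""
    pe_stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20
    macho_stub = struct.pack("<I", 0xFEEDFACE) + b"\x00" * 60  # 32-bit Mach-O magic
    app = "Payload/Instaquotes.app/"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(app + "Instaquotes", macho_stub)
        zf.writestr(app + "FBDialog.bundle/FBDialog.bundle.exe", pe_stub)
        zf.writestr(app + "FBDialog.bundle/images/images.exe", pe_stub)
        zf.writestr(app + "FBDialog.bundle/images/close.png", b"\x89PNG\r\n\x1a\n")
        zf.writestr(app + "notes.exe", b"plain text with an .exe name")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name in find_windows_executables(build_sample_ipa()):
        print("Windows PE inside iOS package:", name)
```

A hit only shows that a Windows executable is present in the package; the extracted file still has to be handed to an antivirus scanner to learn whether it is malicious.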
[Image: Security essentials. Microsoft Security Essentials instantly detects the executables as malware.]

Copying the malware to a Windows virtual machine running the latest version of Microsoft Security Essentials resulted in the malware being immediately detected and removed from the system.
Because this malware is Windows-based, it is a threat to neither the iOS platform nor MacOS, but it may be a threat to those who manage their iTunes and App Store accounts on Windows-based machines. First discovered in August of 2009, the malware is relatively old and is properly defined in most anti-malware utilities, so it should be detectable if installed; however, until this situation is cleared up, you might consider avoiding the Instaquotes app.
This is not the first time that Apple has let malware slip into the App Store. Earlier this year Kaspersky Lab discovered an app called "Find & Call" that itself was a data-harvesting malware package. Apple cleared up the Find & Call trojan swiftly, and hopefully will do the same with the malware embedded in this package.
