AAPL Stock: 118.03 ( -0.85 )

Printed from

Report: iOS app has accidental malware, but not a threat to users

updated 12:04 am EDT, Tue May 7, 2013

Trojan horse points to non-functional webpage, part of sound file

A bit of malware -- a Trojan horse file that tries to redirect to a website -- has been found inside an iOS app, but the code has turned out to be harmless. The app in question is called Simply Find It ($2) and comes from a legitimate developer that has produced a number of legitimate games -- suggesting that the malware was probably inserted into the app accidentally. The bigger issue (since there is no direct threat posed by the bad code) is how Apple's testing procedure missed it -- and how two well-known anti-malware scanners couldn't pick up on it either.

Trojans are often hidden inside other files that are otherwise legitimate, particularly MP3s -- and indeed it was an MP3 file where the suspect code turned up, appended to the end of a playable sound file. Anti-malware program Bitdefender (free) from the Mac App Store was able to detect the malware in the store IPA app file, while ClamXav and iAntivirus did not notice a problem with the game file, reports Macworld.

The malware takes the form of an "iframe," which can embed a remote webpage and is commonly found in pirated MP3 files. While Mac OS X can't run iOS programs, it can be used to browse through the IPA package's files and examine code. The iframe was found in a sound file called "day.mp3" inside the game. Fortunately, the Chinese web domain the Trojan directs to -- -- isn't functioning. The webpage could, however, have attempted to exploit any known vulnerabilities in browsers, Flash or Java among other possibilities.

While the trojan likely came to be inside the app through an accident, why Apple's testers didn't catch it remains a mystery -- and points out the occasional problem with the approval process for apps being so secretive. "If Apple tested the app by running it in a sandbox and watching the app's activities," said security expert Rich Mogull in the report, "that would be more effective than [for example] scanning MP3s for malware strings." He added, however, that he and others "don't know for sure if [Apple's testing] process worked or not -- since "a malware link that never runs isn't a threat."

Apple has been made aware of the issue and will likely remove the app from the App Store for revisions, though it declined to comment on this story. The incident may also cause the company to examine sound and web assets inside games more closely, as well as presumably cause the makers of other anti-malware software programs to update their detection engines. The iOS platform remains nearly threat-free when compared to competing platforms, but the lack of transparency in Apple's app-checking process could lead to other vulnerabilities being discovered publicly rather than privately.

by MacNN Staff



  1. msuper69

    Professional Poster

    Joined: 01-16-00

    How in the world could this malware be inserted accidentally?

  1. Charles Martin

    MacNN Editor

    Joined: 08-04-01

    Oh that's easy -- the developer could have used an MP3 they got off a file-sharing site. It's just a single line of HTML code inside the end of the file, it's trivially easy to do this. Run a scan over some pirated MP3s sometime, you'll see.

  1. ctt1wbw

    Mac Elite

    Joined: 01-16-01

    For a second there, I thought this was about the Path app.

  1. climacs

    Mac Enthusiast

    Joined: 09-06-01

    that's exactly what happened, what chas_m said - they boosted an MP3. Perhaps they intended to replace it before they were done developing, but they forgot.

  1. msuper69

    Professional Poster

    Joined: 01-16-00

    If they used any files from a file sharing site, it's the developer's responsibility to make sure the files are safe to use.
    That's no excuse.

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented