toggle

AAPL Stock: 94.72 ( + 0.78 )

Printed from http://www.macnn.com

Report: iOS app has accidental malware, but not a threat to users

updated 12:04 am EDT, Tue May 7, 2013

Trojan horse points to non-functional webpage, part of sound file

A bit of malware -- a Trojan horse file that tries to redirect to a website -- has been found inside an iOS app, but the code has turned out to be harmless. The app in question is called Simply Find It ($2) and comes from a legitimate developer that has produced a number of legitimate games -- suggesting that the malware was probably inserted into the app accidentally. The bigger issue (since there is no direct threat posed by the bad code) is how Apple's testing procedure missed it -- and how two well-known anti-malware scanners couldn't pick up on it either.

Trojans are often hidden inside other files that are otherwise legitimate, particularly MP3s -- and indeed it was an MP3 file where the suspect code turned up, appended to the end of a playable sound file. Anti-malware program Bitdefender (free) from the Mac App Store was able to detect the malware in the store IPA app file, while ClamXav and iAntivirus did not notice a problem with the game file, reports Macworld.

The malware takes the form of an "iframe," which can embed a remote webpage and is commonly found in pirated MP3 files. While Mac OS X can't run iOS programs, it can be used to browse through the IPA package's files and examine code. The iframe was found in a sound file called "day.mp3" inside the game. Fortunately, the Chinese web domain the Trojan directs to -- x.asom.cn -- isn't functioning. The webpage could, however, have attempted to exploit any known vulnerabilities in browsers, Flash or Java among other possibilities.

While the trojan likely came to be inside the app through an accident, why Apple's testers didn't catch it remains a mystery -- and points out the occasional problem with the approval process for apps being so secretive. "If Apple tested the app by running it in a sandbox and watching the app's activities," said security expert Rich Mogull in the report, "that would be more effective than [for example] scanning MP3s for malware strings." He added, however, that he and others "don't know for sure if [Apple's testing] process worked or not -- since "a malware link that never runs isn't a threat."

Apple has been made aware of the issue and will likely remove the app from the App Store for revisions, though it declined to comment on this story. The incident may also cause the company to examine sound and web assets inside games more closely, as well as presumably cause the makers of other anti-malware software programs to update their detection engines. The iOS platform remains nearly threat-free when compared to competing platforms, but the lack of transparency in Apple's app-checking process could lead to other vulnerabilities being discovered publicly rather than privately.





by MacNN Staff

toggle

Comments

  1. msuper69

    Professional Poster

    Joined: 01-16-00

    How in the world could this malware be inserted accidentally?
    Ridiculous.

  1. chas_m

    MacNN Staff

    Joined: 08-04-01

    Oh that's easy -- the developer could have used an MP3 they got off a file-sharing site. It's just a single line of HTML code inside the end of the file, it's trivially easy to do this. Run a scan over some pirated MP3s sometime, you'll see.

  1. ctt1wbw

    Mac Elite

    Joined: 01-16-01

    For a second there, I thought this was about the Path app.

  1. climacs

    Forum Regular

    Joined: 09-06-01

    that's exactly what happened, what chas_m said - they boosted an MP3. Perhaps they intended to replace it before they were done developing, but they forgot.

  1. msuper69

    Professional Poster

    Joined: 01-16-00

    If they used any files from a file sharing site, it's the developer's responsibility to make sure the files are safe to use.
    That's no excuse.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Razer Kraken Pro headset

Gaming headphones are a challenge to get right, for a long list of reasons that are unique to the consumer buying them. Some shoppers ...

Patriot Aero Wireless Mobile Drive

Regardless of how large a tablet you buy, you always want more space. There's always one more movie or another album you'd cram on, ...

Patriot Fuel+ 6000 and 9000mAh batteries

Mobile device batteries are better than they used to be, but there's always a scenario where users could use more juice. Upgrade manu ...

toggle

Most Commented