MacNN Forums (http://forums.macnn.com/)
-   Mac News (http://forums.macnn.com/mac-news/)
-   -   Report: iOS app has accidental malware, but not a threat to users (http://forums.macnn.com/112/mac-news/500398/report-ios-app-has-accidental-malware/)

 
NewsPoster May 7, 2013 12:17 AM
Report: iOS app has accidental malware, but not a threat to users
A bit of malware -- a Trojan horse file that tries to redirect to a website -- has been found <a href="http://www.macworld.com/article/2037099/ios-app-contains-potential-malware.html#tk.nl_mwbest">inside an iOS app</a>, but the code has turned out to be harmless. The app in question is called <a href="https://itunes.apple.com/us/app/simply-find-it/id434167676?mt=8">Simply Find It</a> ($2) and comes from a <a href="http://www.simplygame.net/">legitimate developer</a> that has produced a number of legitimate games -- suggesting that the malware was probably inserted into the app accidentally. The bigger issue (since there is no direct threat posed by the bad code) is how Apple's testing procedure missed it -- and how two well-known anti-malware scanners couldn't pick up on it either.<br /><br />Trojans are often hidden inside other files that are otherwise legitimate, particularly MP3s -- and indeed it was an MP3 file where the suspect code turned up, appended to the end of a playable sound file. Anti-malware program <a href="http://macnn.com/rd/285016==https://itunes.apple.com/ca/app/bitdefender-virus-scanner/id500154009?mt=12" rel='nofollow'>Bitdefender</a> (free) from the Mac App Store was able to detect the malware in the store IPA app file, while ClamXav and iAntivirus did not notice a problem with the game file, reports <em>Macworld</em>.<br />
<br />
The malware takes the form of an "iframe," which can embed a remote webpage and is commonly found in pirated MP3 files. While Mac OS X can't run iOS programs, it can be used to browse through the IPA package's files and examine code. The iframe was found in a sound file called "day.mp3" inside the game. Fortunately, the Chinese web domain the Trojan directs to -- x.asom.cn -- isn't functioning. The webpage could, however, have attempted to exploit any known vulnerabilities in browsers, Flash or Java among other possibilities.<br />
<br />
While the trojan likely came to be inside the app through an accident, why Apple's testers didn't catch it remains a mystery -- and points out the occasional problem with the approval process for apps being so secretive. "If Apple tested the app by running it in a sandbox and watching the app's activities," said security expert Rich Mogull in the report, "that would be more effective than [for example] scanning MP3s for malware strings." He added, however, that he and others "don't know for sure if [Apple's testing] process worked or not -- since "a malware link that never runs isn't a threat."<br />
<br />
Apple has been made aware of the issue and will likely remove the app from the App Store for revisions, though it declined to comment on this story. The incident may also cause the company to examine sound and web assets inside games more closely, as well as presumably cause the makers of other anti-malware software programs to update their detection engines. The iOS platform remains nearly threat-free when compared to <a href="http://macnn.com/rd/285017==http://www.electronista.com/articles/13/03/07/blackberry.ios.windows.mobile.have.fewest.and.most .innocuous.threats/" rel='nofollow'>competing platforms</a>, but the lack of transparency in Apple's app-checking process could lead to other vulnerabilities being discovered publicly rather than privately.<br />
<br />
<br />
 
msuper69 May 7, 2013 01:36 AM
How in the world could this malware be inserted accidentally?
Ridiculous.
 
Charles Martin May 7, 2013 02:15 AM
Oh that's easy -- the developer could have used an MP3 they got off a file-sharing site. It's just a single line of HTML code inside the end of the file, it's trivially easy to do this. Run a scan over some pirated MP3s sometime, you'll see.
 
ctt1wbw May 7, 2013 08:55 AM
For a second there, I thought this was about the Path app.
 
climacs May 7, 2013 09:39 AM
that's exactly what happened, what chas_m said - they boosted an MP3. Perhaps they intended to replace it before they were done developing, but they forgot.
 
msuper69 May 7, 2013 10:02 AM
If they used any files from a file sharing site, it's the developer's responsibility to make sure the files are safe to use.
That's no excuse.
 
All times are GMT -4. The time now is 12:50 PM.

Copyright © 2005-2007 MacNN. All rights reserved.
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2016, vBulletin Solutions, Inc.


Content Relevant URLs by vBSEO 3.3.2