|
|
Report: iOS app has accidental malware, but not a threat to users
|
|
|
|
MacNN Staff
Join Date: Jul 2012
Status:
Offline
|
|
A bit of malware -- a Trojan horse file that tries to redirect to a website -- has been found inside an iOS app, but the code has turned out to be harmless. The app in question is called Simply Find It ($2) and comes from a legitimate developer that has produced a number of legitimate games -- suggesting that the malware was probably inserted into the app accidentally. The bigger issue (since there is no direct threat posed by the bad code) is how Apple's testing procedure missed it -- and how two well-known anti-malware scanners couldn't pick up on it either. Trojans are often hidden inside other files that are otherwise legitimate, particularly MP3s -- and indeed it was an MP3 file where the suspect code turned up, appended to the end of a playable sound file. Anti-malware program Bitdefender (free) from the Mac App Store was able to detect the malware in the store IPA app file, while ClamXav and iAntivirus did not notice a problem with the game file, reports Macworld.
The malware takes the form of an "iframe," which can embed a remote webpage and is commonly found in pirated MP3 files. While Mac OS X can't run iOS programs, it can be used to browse through the IPA package's files and examine code. The iframe was found in a sound file called "day.mp3" inside the game. Fortunately, the Chinese web domain the Trojan directs to -- x.asom.cn -- isn't functioning. The webpage could, however, have attempted to exploit any known vulnerabilities in browsers, Flash or Java among other possibilities.
While the trojan likely came to be inside the app through an accident, why Apple's testers didn't catch it remains a mystery -- and points out the occasional problem with the approval process for apps being so secretive. "If Apple tested the app by running it in a sandbox and watching the app's activities," said security expert Rich Mogull in the report, "that would be more effective than [for example] scanning MP3s for malware strings." He added, however, that he and others "don't know for sure if [Apple's testing] process worked or not -- since "a malware link that never runs isn't a threat."
Apple has been made aware of the issue and will likely remove the app from the App Store for revisions, though it declined to comment on this story. The incident may also cause the company to examine sound and web assets inside games more closely, as well as presumably cause the makers of other anti-malware software programs to update their detection engines. The iOS platform remains nearly threat-free when compared to competing platforms, but the lack of transparency in Apple's app-checking process could lead to other vulnerabilities being discovered publicly rather than privately.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
Status:
Offline
|
|
How in the world could this malware be inserted accidentally?
Ridiculous.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Aug 2001
Location: Maitland, FL
Status:
Offline
|
|
Oh that's easy -- the developer could have used an MP3 they got off a file-sharing site. It's just a single line of HTML code inside the end of the file, it's trivially easy to do this. Run a scan over some pirated MP3s sometime, you'll see.
|
Charles Martin
MacNN Editor
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Jan 2001
Location: Suffolk, VA
Status:
Offline
|
|
For a second there, I thought this was about the Path app.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Sep 2001
Location: in front of my computer
Status:
Offline
|
|
that's exactly what happened, what chas_m said - they boosted an MP3. Perhaps they intended to replace it before they were done developing, but they forgot.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
Status:
Offline
|
|
If they used any files from a file sharing site, it's the developer's responsibility to make sure the files are safe to use.
That's no excuse.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|