
Report: iOS app has accidental malware, but not a threat to users
NewsPoster
MacNN Staff
Join Date: Jul 2012
May 7, 2013, 12:17 AM
 
A bit of malware -- a Trojan horse file that tries to redirect to a website -- has been found inside an iOS app, but the code has turned out to be harmless. The app in question is called Simply Find It ($2) and comes from a legitimate developer that has produced a number of legitimate games -- suggesting that the malware was probably inserted into the app accidentally. The bigger issue (since there is no direct threat posed by the bad code) is how Apple's testing procedure missed it -- and how two well-known anti-malware scanners couldn't pick up on it either.

Trojans are often hidden inside other files that are otherwise legitimate, particularly MP3s -- and indeed it was an MP3 file where the suspect code turned up, appended to the end of a playable sound file. Anti-malware program Bitdefender (free) from the Mac App Store was able to detect the malware in the store IPA app file, while ClamXav and iAntivirus did not notice a problem with the game file, reports Macworld.

The malware takes the form of an "iframe," which can embed a remote webpage and is commonly found in pirated MP3 files. While Mac OS X can't run iOS programs, it can be used to browse through the IPA package's files and examine code. The iframe was found in a sound file called "day.mp3" inside the game. Fortunately, the Chinese web domain the Trojan directs to -- x.asom.cn -- isn't functioning. The webpage could, however, have attempted to exploit any known vulnerabilities in browsers, Flash or Java among other possibilities.

While the trojan likely came to be inside the app through an accident, why Apple's testers didn't catch it remains a mystery -- and points out the occasional problem with the approval process for apps being so secretive. "If Apple tested the app by running it in a sandbox and watching the app's activities," said security expert Rich Mogull in the report, "that would be more effective than [for example] scanning MP3s for malware strings." He added, however, that he and others "don't know for sure if [Apple's testing] process worked or not" -- since "a malware link that never runs isn't a threat."

Apple has been made aware of the issue and will likely remove the app from the App Store for revisions, though it declined to comment on this story. The incident may also cause the company to examine sound and web assets inside games more closely, as well as presumably cause the makers of other anti-malware software programs to update their detection engines. The iOS platform remains nearly threat-free when compared to competing platforms, but the lack of transparency in Apple's app-checking process could lead to other vulnerabilities being discovered publicly rather than privately.
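As an added example (not part of the original post or thread), here is one way a developer or reviewer could check the MP3 assets in an IPA for markup appended after the audio, the situation the report describes for "day.mp3". It goes slightly beyond string scanning by walking the MPEG-1 Layer III frames first so that only bytes past the audio are searched; the function names, the sample archive and the `example.invalid` URL are constructed for illustration.

```python
import io, re, zipfile

# MPEG-1 Layer III header tables (kbit/s, Hz); bitrate index 0 and 15 are invalid.
BITRATES = [0, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320, 0]
RATES = [44100, 48000, 32000]
MARKUP = re.compile(rb"<\s*(iframe|script)\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)

def audio_end(data: bytes) -> int:
    """Offset just past the last contiguous MPEG-1 Layer III frame."""
    pos = 0
    if data[:3] == b"ID3" and len(data) >= 10:  # skip ID3v2 tag (synchsafe size)
        s = data[6:10]
        pos = 10 + (s[0] << 21 | s[1] << 14 | s[2] << 7 | s[3])
    while pos + 4 <= len(data):
        b1, b2 = data[pos + 1], data[pos + 2]
        if data[pos] != 0xFF or (b1 & 0xFE) != 0xFA:  # sync, MPEG-1, Layer III
            break
        kbps, rate_idx = BITRATES[b2 >> 4], (b2 >> 2) & 3
        if kbps == 0 or rate_idx == 3:
            break
        pos += 144 * kbps * 1000 // RATES[rate_idx] + ((b2 >> 1) & 1)
    return min(pos, len(data))

def scan_ipa(ipa: bytes) -> list:
    """Return (entry, offset where audio ends, tag, src) for each flagged MP3."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(ipa)) as zf:
        for name in (n for n in zf.namelist() if n.lower().endswith(".mp3")):
            data = zf.read(name)
            end = audio_end(data)
            hit = MARKUP.search(data, end)  # only look past the audio frames
            if hit:
                findings.append((name, end, hit.group(1).decode().lower(),
                                 hit.group(2).decode("latin-1")))
    return findings

def build_sample_ipa() -> bytes:
    """Constructed input: a clean MP3 and one with an iframe appended."""
    frame = b"\xff\xfb\x90\x00" + b"\x00" * 413  # 128 kbit/s, 44.1 kHz = 417 bytes
    tail = b'<iframe src="http://tracker.example.invalid/x" width=0></iframe>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload/Demo.app/clean.mp3", frame * 3)
        zf.writestr("Payload/Demo.app/day.mp3", frame * 3 + tail)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_ipa(build_sample_ipa()):
        print(finding)
```

If a file is not MPEG-1 Layer III, `audio_end` stops at offset 0 (or just past the ID3v2 tag) and the markup search covers the rest of the file.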


     
msuper69
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
May 7, 2013, 01:36 AM
 
How in the world could this malware be inserted accidentally?
Ridiculous.
     
Charles Martin
Mac Elite
Join Date: Aug 2001
Location: Maitland, FL
May 7, 2013, 02:15 AM
 
Oh that's easy -- the developer could have used an MP3 they got off a file-sharing site. It's just a single line of HTML code inside the end of the file, it's trivially easy to do this. Run a scan over some pirated MP3s sometime, you'll see.
Charles Martin
MacNN Editor
     
ctt1wbw
Mac Elite
Join Date: Jan 2001
Location: Suffolk, VA
May 7, 2013, 08:55 AM
 
For a second there, I thought this was about the Path app.
     
climacs
Senior User
Join Date: Sep 2001
Location: in front of my computer
May 7, 2013, 09:39 AM
 
That's exactly what happened, what chas_m said - they boosted an MP3. Perhaps they intended to replace it before they were done developing, but they forgot.
     
msuper69
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
May 7, 2013, 10:02 AM
 
If they used any files from a file sharing site, it's the developer's responsibility to make sure the files are safe to use.
That's no excuse.
     
   