Windows malware found in iOS App Store. Say what?!


It hasn't been a great week so far for Apple security.

The discovery of new, low-distribution Mac malware known as Crisis or Morcut would be bad enough news, just before the launch of Mountain Lion.

But, alas, there's another security issue: an iOS app in the App Store was found to contain malicious Windows executable files.

The malware was initially found by a user of the Apple Support Communities discussion board who downloaded an app called "Instaquotes-Quotes Cards For Instagram" from iTunes, only to have his antivirus software tell him that it contained a worm.

Discussion about malware in App Store

Initially thought to be a false positive, it turned out that there was in fact actual Windows malware embedded inside the app.

Malware detection

The malware, known by Sophos products as Mal/CoiDung-A, is identified as Worm.VB-900 by ClamAV and Worm:Win32/VB.CB by Microsoft.

CNET reports that Apple removed the Instaquotes app from the iOS App Store on Tuesday within hours of the malware's discovery.

According to a MacRumors report, the app had been in the App Store since 19 July and its price had temporarily dropped from $0.99 to free this past weekend. It is unknown how many users downloaded the app while it was available in the store.

It's also not entirely clear whether the malware's inclusion inside the app was deliberate or not - but in all probability this was an accidental infection caused by a developer's infected computer.

The good news is that the malware can't actually run on a Windows PC without first being extracted from the iOS application package, so it is unlikely to have caused any actual damage to any users' systems.

Earlier this month, Apple made the mistake of approving another questionable iOS app. In that case, the app itself engaged in nefarious behavior and was thus deemed by some to be malware.

That app, known as Find and Call, collected contact information from phones on which it was installed, sent this information in plain text over HTTP, and then sent SMS text message spam to the user's contacts, all without warning the user or asking for permission.

There's a major difference between Instaquotes and Find and Call, though. While Find and Call actually grabbed your data, the malware embedded in Instaquotes cannot cause any direct harm to Apple devices that run iOS.

Nevertheless, this is twice in a single month when Apple's infamous app review process has neglected to stop bad things from getting inside the iOS "walled garden."

Perhaps what's most disappointing about the discovery of Windows malware inside an iOS app is that Apple doesn't seem to have conducted a simple virus scan as part of its app vetting process.

Just extracting all files from the package, and scanning them with anti-virus software, would have prevented the Windows malware from getting into the iOS App Store in the first place.
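A minimal sketch of that check, added here as an example and not taken from the original article or from Apple's review process: it walks an app package (an .ipa is a ZIP archive) and flags any member that parses as a Windows PE executable, which has no legitimate place in an iOS app. It only identifies the file type by its header, as a stand-in for handing each extracted file to an antivirus scanner; the function names, file names and sample package are constructed for illustration.

```python
import io
import struct
import zipfile

MAX_HEAD = 64 * 1024  # bytes read per member; assumption: PE header sits within this

def is_windows_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header that points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def find_embedded_pe(package) -> list:
    """Return names of archive members that parse as Windows PE files."""
    hits = []
    with zipfile.ZipFile(package) as ipa:  # an .ipa is a ZIP archive
        for info in ipa.infolist():
            if info.is_dir():
                continue
            with ipa.open(info) as member:
                head = member.read(MAX_HEAD)  # bounded read, never the whole file
            if is_windows_pe(head):
                hits.append(info.filename)
    return hits

def build_sample_ipa() -> io.BytesIO:
    """Constructed sample package: harmless files plus one PE-shaped stub."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    pe_stub = bytes(dos) + b"PE\x00\x00" + bytes(20)  # headers only, no code
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("Payload/Sample.app/Info.plist", b"<plist></plist>")
        z.writestr("Payload/Sample.app/art/card.png", b"\x89PNG\r\n\x1a\n")
        z.writestr("Payload/Sample.app/art/Thumbs.exe", pe_stub)
        z.writestr("Payload/Sample.app/notes.txt", b"MZ alone is not a PE file")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name in find_embedded_pe(build_sample_ipa()):
        print("Windows executable inside package:", name)
```

Checking the header rather than the file extension means a renamed executable is still flagged, while a text file that merely begins with "MZ" is not.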

As I discussed in detail last month, Apple could be doing a much better job of vetting apps and improving the overall security of the iPhone, iPad, and App Store.

Walled garden image from Shutterstock.


2 Responses to Windows malware found in iOS App Store. Say what?!

  1. How could this have happened on accident? Is it possible the malware on the developer's computer was targeted at App Creation programs? Or was it just by chance that these files attached to whatever files related to the app coding process?

  2. John · 732 days ago

    "It is unknown how many users downloaded the app while it was available in the store." Oh really? I'd wager Apple knows EXACTLY how many downloads took place. What merchant site doesn't count and log downloads? That would be as lame as not running malware scans on uploads. Oh... right.


About the author

Joshua Long has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Computer and Information Security. Josh's research has been featured by many fine publications such as CNET, CBS News, ZDNet UK, Lifehacker, CIO, Macworld, The Register, and MacTech Magazine. Look for more of Josh's articles featuring his research and musings on malware and security on his blog security.thejoshmeister.com, and follow him on Twitter and Google+.