Lightning strikes again: iPhone malware gets truly malicious

iPhone lightning
Two weeks ago I reported on Ikee, the world’s first iPhone worm which was spreading between jailbroken devices in Australia, replacing wallpaper with an image of Rick Astley.

As Chet reports on his blog, this weekend has seen the discovery of a new example of iPhone malware in the shape of a worm (dubbed “Duh” after a section of its code) that is reported to be much more malicious in intent than Ikee.

The new worm is similar to the original Ikee worm (and the recently discovered iPhone hacking tool) in so much as it only infects jailbroken iPhones, where users have installed OpenSSH and not changed the default password (“alpine”).

However, it is much more serious than the original Ikee worm because it is not limited to infecting iPhone users in Australia, and communicates with an internet Control & Command centre, downloading new instructions – effectively turning your iPhone into part of a botnet.

Furthermore, it appears to be designed to steal information from users of online banking services. Indeed, the BBC is reporting that ING Direct is briefing its call centres so workers can provide advice about the worm to Dutch customers.

Two weeks is all it took for a jokey Rick Astley worm to be adapted into something which creates a criminal botnet and apparently designed to steal money from innocent users.

Some may have thought that the Ikee iPhone worm was a one-off. Some people might have imagined that lightning wouldn’t strike iPhones more than once – but they were wrong. And one thing is certain – you can be sure that if hackers find they can make money out of poorly-secured jailbroken iPhones, they will continue to attack them.

So the (rhetorical) question for Clu-blog readers is this – do you still feel the author of the original Ikee worm did iPhone users a favour? After all, it was him who released the source code of the Ikee worm, and gave the authors of this latest financially-motivated variant the template for infection.

We’ll publish more information about this latest example of iPhone malware as it becomes available. In the meantime, if you have a jailbroken iPhone it might make sense to ensure that you have changed the default password.