Slashdot Mirror

← Back to Stories (view on slashdot.org)

First iOS Malware Discovered In Apple's App Store

Posted by timothy on from the still-a-pretty-good-track-record dept.

New submitter DavidGilbert99 writes "Security experts have discovered what is claimed to be the first ever piece of malware to be found in the Apple App Store. While Android is well known for malware, Apple has prided itself on being free from malicious apps ... until now. The app steals your contact data and uploads it to a remote server before sending spam SMS messages to all your contacts, but the messages look like they are coming from you."

6 of 171 comments (clear)

  1. First *malware* perhaps by GameboyRMH · · Score: 5, Interesting

    ...but years ago there was a tethering app disguised as a flashlight app so it's been possible for a long time.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
    1. Re:First *malware* perhaps by GameboyRMH · · Score: 4, Interesting

      With users relying entirely on the app store's curation process for security and a relatively low interest from the computer security community on the platform, I'd bet there are a lot of apps doing shady stuff with iOS users' personal data right now.

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    2. Re:First *malware* perhaps by Em+Adespoton · · Score: 3, Interesting

      This isn't even the first time they've found it... functionally, the app does nothing that the Facebook app doesn't do, except for forge your SMS credentials. I doubt Apple's going to be pulling the Facebook integration from iOS 6 though....

  2. Stopping malware by DaMattster · · Score: 3, Interesting

    One way to stop the proliferation of malware in these so-called app stores is to not allow the submission of binaries. Force the author to submit source code instead so it can be audited and then have Apple build the binaries. Apple could then put the binary through its paces to see how it behaves. I'm not necessarily advocating this method because there are multiple points for abuse but it is one way to thwart the problem. It would force the would-be malware writers to innovate and adapt and that would not be easily done.

  3. Re:No doubt... by h4rr4r · · Score: 3, Interesting

    What stops that dev from spending another $99 on another dev account?
    Not that hard or expensive to kill your old corporation, start another and get a new AMEX.

  4. Re:No doubt... by Crudely_Indecent · · Score: 4, Interesting

    It took 5 years for the first malware to show up.

    Wrong! It took 5 years for the first malware to be identified and publicly acknowledged.

    How many more exist secretly, awaiting a clever analyst?

    --


    "Lame" - Galaxar