Malwareaware

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, 7 May 2013

Malware: It could happen to iOS too.

Posted on 08:50 by Unknown
Some of you who read my post about Android malware may be thinking that iOS is safer. "A walled garden" as it is called where you can only download apps from one place must be safe... right? Unfortunately, that is not the case.

As of May 2nd 2013, an app from the app store was identified as malware by Bit defender Virus Scanner, a free app available from the Mac App Store. It has been confirmed that this is not a false positive, and the app actually contained a JavaScript Trojan Horse. This means that the app was infected with a string of malware that did not spread aside from downloading the infected app. The string of text in question is an iframe, which embeds a remote website. So if this iframe was read on a Mac, the iframe could lead you to the website that is embedded in the code of the app. And if the website in question is malicious, your mac is infected without you even doing anything except plugging your iOS device into your Mac and playing an MP3 file in the app.

As of this writing, the website that the string leads to is not responding.

Note that this malware is not a cause for concern at this point. And no, I am not trying to scare you.

But as someone who keeps his eye out for malware, it shows how Apple's process for app screening has room for improvement. Testing in a sandbox to watch the app's real world activities would almost certainly detect any malware or malcode in the app. But as it is unknown what the screening and approval process is, it is unknown if something did not work or something that should have been done did not get done.

Let me state that the app in question, which I will not name, is completely harmless at this point. Because at this point, there is no content in the website where the app points to. So this could possibly be an example of poor coding practices.

You can think whatever you would like about the app, but bottom line is that something sketchy is going on, but we don't know what. Was this code injected into the app by someone with malicious intent, or was it a poor coding practice used by the app developer? That question still remains.

I certainly hope that it was just a poor coding practice by the developer, after all, a false alarm is my favorite kind of alarm.

Comment below with your take on this. Is it malware that may or may not have been put there intentionally, or is it a poor coding practice?
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in iOS | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • How to remove System Doctor 2014
    There is a new rogue AV making the rounds on the web called System Doctor 2014. For those that have just started reading my blog or for thos...
  • What are Bitcoin Miners?
    For my first post about Bitcoins, and for what I wish to be my last about the subject, we are going to be talking about what Bitcoin miners ...
  • How to keep spies from monitoring you through your computer or your phone.
    Those of you in The United States of America have most likely heard about that whole IRS scandal and the accompanying scandals of wiretappin...
  • Spotlight on Malware: The Gruel Worm.
    It's been around since Windows 2000, but there still is not a way to remove this worm without formatting the hard drive. I speak of the ...
  • I am going to be a billionaire!
    For those of you that have been reading my blog for some time, you know I like to mess with scammers, fake tech support and the like. But th...
  • Use VBScript to pull a joke on your friends.
    Do you want to play a trick on your friends, family, or coworkers? Well this one's for you. You can make a fake piece of malware on your...
  • Spotlight on Malware: MyDoom
    The MyDoom Windows worm, also known as Novarg, and Shimgapi will be the subject of our focus for this post. The MyDoom worm was first discov...
  • CryptoLocker as of 11/3/2013
    If you have read my other posts on this, you know. But for those of you who do not, there is a piece of ransomware that has been making the ...
  • The Big Game: Who's on our side?
    I recently helped a friend of mine remove malware from their computer when she be one mused on how lonely my job must be. "It must be s...
  • Java: No more coffee for you.
    Odds are that every blogger that has a tight focus on computer security has authored a blog post about Java. So why am I wasting your time? ...

Categories

  • Android
  • History Of
  • iOS
  • Java
  • Macs
  • Passwords
  • Removal Guides
  • Spotlight On Malware
  • The CryptoLocker Saga
  • What Does It Mean?
  • What's in a name?
  • Windows

Blog Archive

  • ▼  2013 (151)
    • ►  November (10)
    • ►  October (5)
    • ►  September (15)
    • ►  August (22)
    • ►  July (26)
    • ►  June (17)
    • ▼  May (25)
      • Update on the new blog.
      • What's In a name: Rogue Antivirus
      • A break from blogging.
      • Apparently, my computer loves me. (Surprise ending)
      • How to keep spies from monitoring you through your...
      • Malware In Space: Not A Science Fiction Drama Gone...
      • Greyware and the Babylon Toolbar.
      • Decrypt Protect Ransomware and how to fully remove...
      • Plug In to Plugins.
      • How a fake tech support scam works.
      • Mac Malware is now getting past Gatekeeper.
      • Spotlight On Malware: Bring On The Flame!
      • Attack Of The Clones: What is a clone rogue?
      • The Big Game: Who's on our side?
      • KeyScrambler: A preventive measure against keylogg...
      • Spotlight on Malware: MyDoom
      • Spotlight on Malware: The Gruel Worm.
      • How (Not) to Make Your Computer Run Faster With th...
      • A brief look at Windows 8.
      • A few jokes about computers.
      • Malware: It could happen to iOS too.
      • Android Malware: The robot can be infected.
      • "Stupid Malware! You made me drop my sandwich!"
      • How to remove Internet Security (Rogue)
      • Glipho
    • ►  April (15)
    • ►  March (7)
    • ►  February (6)
    • ►  January (3)
Powered by Blogger.

About Me

Unknown
View my complete profile