Apple pulls Russian malware from iOS App Store

post #1 of 35
Thread Starter 
Hours after it was highlighted by a security firm, Russian-language malware on the iOS App Store was removed by Apple and is no longer available for download.

Apple confirmed on Thursday to Jim Dalrymple of The Loop that it removed the malware, an application named "Find and Call," once it was alerted to its presence on the App Store. The company said the software was pulled for violating App Store guidelines by accessing a user's Address Book data without authorization.

The application was revealed by Kaspersky earlier on Thursday to be a Trojan that would upload a user's phone book to a remote server. From there, the server sends out text message spam to all the contacts in the user's address book with a link to download the application.

In addition to being found in Apple's iOS App Store, the "Find and Call" software was also found on the Google Play storefront for Android handsets. Google has presumably also responded by pulling the application, as it can no longer be downloaded from Google Play.

Malware is an extremely rare occurrence on Apple's iOS platform, as the company has a review process that analyzes each individual application made available for download on the App Store. The company first began publishing its guidelines for review in September of 2010.

However, malware has routinely been found on Google's more open Android platform. Last year one security firm claimed that Android malware had increased by 472 percent in just one four-month span.

The malware issue on Android has been attributed to the lack of a review process such as Apple's, as well as the ease for a developer to make an anonymous account and pay the low $25 fee required to begin posting software to Google Play.

This May, Apple quietly made public a report detailing the extensive efforts it has undertaken to secure its mobile operating system. The paper boasts that Apple "designed the iOS platform with security at its core."
post #2 of 35
Can't legal action be brought against these people since this stuff is illegal? And don't tell me spam/malware is legal in Russia; that doesn't make me feel any better.

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
post #3 of 35

Hopefully this will lead to an even more stringent App Store review process. I thought the review process was designed expressly to prevent these types of things, as well as buggy apps. I'm sure no system is perfect, but at least on the malware front it's been pretty good up until this.

post #4 of 35
Quote:
Originally Posted by elliots11 View Post

Hopefully this will lead to an even more stringent App Store review process. I thought the review process was designed expressly to prevent these types of things, as well as buggy apps. I'm sure no system is perfect, but at least on the malware front it's been pretty good up until this.

Or it just happened to be that mistake which slipped through. No matter how stringent the system, with an operation this big, there are always going to be mistakes. And with one slip-up of this kind I'm inclined to think along those lines. That said, it's even possible that this app functioned within review parameters and the developer chose to do something else after approval (depends on what Apple currently allows in relation to user contact data). If that's the case, it's possible the system needs to be tightened up. Changes to accessing contacts in iOS 6 might help a bit here.
The true measure of a man is how he treats someone that can do him absolutely no good.
  Samuel Johnson
post #5 of 35
Quote:
Originally Posted by elliots11 View Post

Hopefully this will lead to an even more stringent App Store review process. I thought the review process was designed expressly to prevent these types of things, as well as buggy apps. I'm sure no system is perfect, but at least on the malware front it's been pretty good up until this.

I'm curious to know how this one slipped through. I wonder if a reviewer was just asleep at the wheel.
post #6 of 35
Quote:
Originally Posted by BigBillyGoatGruff View Post

I'm curious to know how this one slipped through. I wonder if a reviewer was just asleep at the wheel.

Well, it isn't as though uploading your contacts isn't allowed by Apple. Apple simply doesn't allow exploitation of your contact information for the purpose of spamming SMS messages. The claims made by the developer may have matched the apparent functionality of the app when tested.

This is why the Privacy Settings in iOS 6 are so vital.
post #7 of 35

I wonder if Apple also revoked the source's developer key, or at least the app's certificate, preventing people who already downloaded it from further damage.

post #8 of 35
Quote:
Originally Posted by BigBillyGoatGruff View Post


I'm curious to know how this one slipped through. I wonder if a reviewer was just asleep at the wheel.

 

It could be that the feature is enabled remotely. The developer could have enabled it (server side) after the app was approved. This will all go away with iOS 6 where the app needs your permission to access your calendar and contacts.

post #9 of 35
Quote:
Originally Posted by BigBillyGoatGruff View Post


I'm curious to know how this one slipped through. I wonder if a reviewer was just asleep at the wheel.

 

That's what I was going to ask?  Seems Apple is slipping a bit here and cannot be completely trusted or they need to update their rules to catch this type of malware and any like it in the future.

post #10 of 35
This of course highlights the key difference between iOS and full desktop OS's (OS X included): the only way to exploit the device is through a controlled storefront, meaning that if malware is discovered, it can quickly be removed. Clearly, this is Apple's goal and such functionality will be replicated in Mountain Lion (depending on your security settings).
post #11 of 35

Interesting that this was 'discovered' by Kaspersky - leading to months more of them crying they can't put anti-virus software on the iPhone.

post #12 of 35
Quote:
Originally Posted by Pendergast View Post

This of course highlights the key difference between iOS and full desktop OS's (OS X included): the only way to exploit the device is through a controlled storefront,

Where did you get that idea?

post #13 of 35
Quote:
Originally Posted by NasserAE View Post

 

It could be that the feature is enabled remotely. The developer could have enabled it (server side) after the app was approved. This will all go away with iOS 6 where the app needs your permission to access your calendar and contacts.

 

I agree this was probably server side and totally outside of Apple's control. However, I disagree that this sort of thing would go away with the new privacy settings in iOS 6. If I install an app that is supposed to access my contacts, I'm going to say yes when it asks for authorization. There are probably tons of legitimate apps that do that now. If they then do something with it server side, how am I to know? Hell, if they store it server side as part of their normal operation and then get hacked, you're just as screwed.

Point is: don't let yourself be lulled into a false sense of security. Everything Apple is doing is going a long way to make it secure, but no system is perfect and downloading an app in iOS should be treated the same as downloading an app on Android, Windows, OSX, etc. (i.e., think before you act).

 

"The more you know..."

I own...

1 Android Phone, 2 iPads, 1 Windows Tablet, 1 Mac Desktop, 1 Windows Laptop, 1 Linux Server, 1 Linux HTPC

 

They all are used regularly and each have their place. Competition is good.

post #14 of 35
Quote:
Originally Posted by MacTel View Post

 

That's what I was going to ask?  Seems Apple is slipping a bit here and cannot be completely trusted or they need to update their rules to catch this type of malware and any like it in the future.

 

600,000 apps.  One bad one slipped through.  Not a bad track record on Apple's part.

 

That said, Apple needs to flag any app that uses the Address Book APIs, and give it especially close review (if they aren't doing this already).

post #15 of 35

Apple needs to 'keep an eye' on suspicious apps (i.e., send user data to server) for an undisclosed period even after they are approved (like an app 'probation').

This way, the bad guys will know they can't be at ease even after approval.

I've accomplished my childhood's dream: My job consists mainly of playing with toys all day long.
post #16 of 35
Quote:
Originally Posted by BigBillyGoatGruff View Post


I'm curious to know how this one slipped through. I wonder if a reviewer was just asleep at the wheel.

 

From what I understand it's hard for the reviewers to fall asleep since so many apps have to be scanned to prevent any phallic-like images from creeping through the process. However, Apple has notoriously understaffed the review department. Perhaps THIS may have helped get their attention to prevent a reoccurrence.

"That (the) world is moving so quickly that iOS is already amongst the older mobile operating systems in active development today." — The Verge
post #17 of 35
Quote:
Originally Posted by BigBillyGoatGruff View Post


I'm curious to know how this one slipped through. I wonder if a reviewer was just asleep at the wheel.

They may need to hire some more Russian speaking reviewers.

Life is too short to drink bad coffee.

post #18 of 35
Quote:
Originally Posted by ranReloaded View Post

Apple needs to 'keep an eye' on suspicious apps (i.e., send user data to server) for an undisclosed period even after they are approved (like an app 'probation').

This way, the bad guys will know they can't be at ease even after approval.

This is a well-known tactic. The programmers put an if clause with a date criterion. The hidden functionality only reveals itself after the approval process is expected to be completed. Apple doesn't look at the source code directly. They can only test so much. Mostly they are looking for obvious infractions and testing against some private APIs but other than that they have to rely on end users to spot problems that may crop up after the apps get widespread usage.

Life is too short to drink bad coffee.

post #19 of 35
Quote:
Originally Posted by MarquisMark View Post

 

I agree this was probably server side and totally outside of Apple's control. However, I disagree that this sort of thing would go away with the new privacy settings in iOS 6. If I install an app that is supposed to access my contacts, I'm going to say yes when it asks for authorization. There are probably tons of legitimate apps that do that now. If they then do something with it server side, how am I to know? Hell, if they store it server side as part of their normal operation and then get hacked, you're just as screwed.

Point is: don't let yourself be lulled into a false sense of security. Everything Apple is doing is going a long way to make it secure, but no system is perfect and downloading an app in iOS should be treated the same as downloading an app on Android, Windows, OSX, etc. (i.e., think before you act).

 

"The more you know..."

 

Whatever developers do with your personal info is out of your control once you give them access. However, the privacy settings in iOS 6 prevent other apps that are not supposed to access your calendar and contacts from doing so. For example, after I installed iOS 6 I discovered that the Realtors.com iOS app was accessing my contacts. Why do they need my contacts? I also found a couple of other apps trying to access my contacts and they are not supposed to do that.

The new privacy settings in iOS 6 are not meant to prevent what developers do with your contacts but instead give you control over who should have access to your personal data.

post #20 of 35
Quote:
Originally Posted by NasserAE View Post

 

Whatever developers do with your personal info is out of your control once you give them access. However, the privacy settings in iOS 6 prevent other apps that are not supposed to access your calendar and contacts from doing so. For example, after I installed iOS 6 I discovered that the Realtors.com iOS app was accessing my contacts. Why do they need my contacts? I also found a couple of other apps trying to access my contacts and they are not supposed to do that.

The new privacy settings in iOS 6 are not meant to prevent what developers do with your contacts but instead give you control over who should have access to your personal data.

I was reading over the weekend that Facebook was not only accessing the contacts but actually changing the email address to @facebook.com email addresses for anyone who matched your friends list. Actually overwriting your contact info! Amazing.

 

http://www.wired.com/gadgetlab/2012/07/facebook-email-woes/

Life is too short to drink bad coffee.

post #21 of 35
Sneaky fucking Russians
post #22 of 35
Quote:
Originally Posted by StLBluesFan View Post

Where did you get that idea?

I suppose I should have posted a caveat regarding "only"; obviously nothing is perfectly secure. But for all intents and purposes, the only malware in circulation on non-jailbroken iOS devices is via apps that slipped through the App Store's approval process. And these are quickly pulled (my point; the App Store allows Apple control over actually pulling malware, vs the traditional approach of allowing users to install apps from a variety of sources).

I am not referring to Java exploits.
post #23 of 35
Quote:
Originally Posted by NasserAE View Post

 

Whatever developers do with your personal info is out of your control once you give them access. However, the privacy settings in iOS 6 prevent other apps that are not supposed to access your calendar and contacts from doing so.

 

Very true. However, everyone needs to think truly about what they install & authorize. The new privacy settings are a great addition, but we all know how well the whole "Allow or Deny" thing worked for MS. People tend to just click on anything asked of them without thinking just to move forward.

 

I'm just saying we can't let ourselves fall into the mentality that "Walled garden + privacy settings = totally safe".

I own...

1 Android Phone, 2 iPads, 1 Windows Tablet, 1 Mac Desktop, 1 Windows Laptop, 1 Linux Server, 1 Linux HTPC

 

They all are used regularly and each have their place. Competition is good.

post #24 of 35
Quote:
Originally Posted by NasserAE View Post

 

Whatever developers do with your personal info is out of your control once you give them access. However, the privacy settings in iOS 6 prevent other apps that are not supposed to access your calendar and contacts from doing so. For example, after I installed iOS 6 I discovered that the Realtors.com iOS app was accessing my contacts. Why do they need my contacts? I also found a couple of other apps trying to access my contacts and they are not supposed to do that.

The new privacy settings in iOS 6 are not meant to prevent what developers do with your contacts but instead give you control over who should have access to your personal data.

The apps you found to be doing more than you had allowed are referred to as malware when doing the same on the Android platform. The antivirus companies have a quite broad definition for it.

melior diabolus quem scies
post #25 of 35

Do any Android owners feel unsafe when going to the Android App locations? Has Google ever mentioned that they look into malware at all in the Android Marketplace?

post #26 of 35
Quote:
Originally Posted by Smallwheels View Post

Do any Android owners feel unsafe when going to the Android App locations? Has Google ever mentioned that they look into malware at all in the Android Marketplace?


Public Service Announcement ... Please stop drinking and/or eating prior to reading this post. The Surgeon General of the United States has issued a warning on this post as drinks and foodstuffs can be quite painful when forcefully expelled from the nose.


Google does provide Google Play Bouncer among other features ...

"Today we’re revealing a service we’ve developed, codenamed Bouncer, which provides automated scanning of Android Market for potentially malicious software without disrupting the user experience of Android Market or requiring developers to go through an application approval process..." (1)

"... This remote removal functionality — along with Android’s unique Application Sandbox and Permissions model, Over-The-Air update system, centralized Market, developer registrations, user-submitted ratings, and application flagging — provides a powerful security advantage to help protect Android users in our open environment..." (2)


but ...


Android botnet ... (3)

"The past quarter has seen the number of malicious apps double from 10,000 to 20,000 in just one month ..." (4)

"... hundreds of thousands of devices were infected after malware found its way onto the official Google Play marketplace." (4)

"... More worryingly for users, even Google’s official application marketplace, Google Play, was breached, with 17 malicious apps downloaded over 700,000 times before they were spotted and removed from the site..." (4)

"The security firm said at the start of the year, it had found more than 5,000 malicious applications designed to target Google's Android mobile operating system, but the figure has since risen to about 20,000 in recent months. By the coming third-quarter, the firm estimates there will be around 38,000 malware samples, and close to 130,000 in the fourth-quarter." (5)

"... malware targeting Android grew by 3,325 percent in the last seven months of 2011..." (6)


1. Hiroshi Lockheimer. Published 2 February 2012. Android and Security, Google Mobile Blog. Retrieved 5 July 2012.
2. Rich Cannings. Published 23 June 2012. Exercising Our Remote Application Removal Feature. Android Developers Blog. Retrieved 5 July 2012.
3. Terry Zink. Published 3 July 2012. Spam from an Android botnet. Terry Zink's Cyber Security Blog. Retrieved 5 July 2012.
4. Unattributed. Published 2 July 2012. The True Face of the Android threat. Trend Micro. Retrieved 5 July 2012.
5. Zack Whittaker. Published 4 July 2012. Trend Micro warns of Android malware pandemic by Q4 2012. ZDNet. Retrieved 5 July 2012.
6. Jeffrey Burt. Published 5 July 2012. Android Malware Creates Smartphone Botnet, Researchers Say. eWeek. Retrieved 5 July 2012.


All I could think when originally reading the bold, italicized text was ... WTF... Who are they kidding?
Edited by MacBook Pro - 7/5/12 at 8:06pm
post #27 of 35
Quote:
Originally Posted by voxmagis View Post

Interesting that this was 'discovered' by Kaspersky - leading to months more of them crying they can't put anti-virus software on the iPhone.

Yes, extremely interesting considering that the company lied about Apple wanting them to advise them about security issues. In my mind, Kaspersky is bordering close to being a protection racket and it would not surprise me if they were brewing up malware to make more a market for their products.
post #28 of 35
Quote:
Originally Posted by markbyrn View Post


Yes, extremely interesting considering that the company lied about Apple wanting them to advise them about security issues. In my mind, Kaspersky is bordering close to being a protection racket and it would not surprise me if they were brewing up malware to make more a market for their products.

Shooting the messenger won't rewrite history.

Apple have done a very good job thus far but it is inevitable that attempts to slip malware into walled app stores will increase in line with market share. Phone malware has been around since the days of the Symbian Cabir. We the public just need to accept that the safety of our personal data is in the hands of other people.

post #29 of 35
Quote:
Originally Posted by markbyrn View Post


Yes, extremely interesting considering that the company lied about Apple wanting them to advise them about security issues. In my mind, Kaspersky is bordering close to being a protection racket and it would not surprise me if they were brewing up malware to make more a market for their products.

It almost seems kind of like one of those arsonists who set a fire, and then "discover" the fire and report it to the authorities.  That was my first thought when I saw Kaspersky mentioned in this article.

post #30 of 35
Quote:
Originally Posted by markbyrn View Post


Yes, extremely interesting considering that the company lied about Apple wanting them to advise them about security issues. In my mind, Kaspersky is bordering close to being a protection racket and it would not surprise me if they were brewing up malware to make more a market for their products.

Could it be Kaspersky created this app and passed it along to someone to upload it for approval?

 

The speed of finding out what this app did, by them, is a bit suspicious.

post #31 of 35
Quote:
Originally Posted by AdamC View Post

Could it be Kaspersky created this app and passed it along to someone to upload it for approval?

 

The speed of finding out what this app did, by them, is a bit suspicious.

How paranoid are you?

If you read the links you will see that Kaspersky were contacted by a telco who had noticed suspicious behaviour related to this app. Do you not think that if they wanted to scare iPhone owners they would create something that does more than just annoy your friends?

Are you suggesting that they are also responsible for the other apps that uploaded plain text copies of owners' address books (Aurora Feint/LinkedIn/Path)?

post #32 of 35
Quote:
Originally Posted by markbyrn View Post


Yes, extremely interesting considering that the company lied about Apple wanting them to advise them about security issues. In my mind, Kaspersky is bordering close to being a protection racket and it would not surprise me if they were brewing up malware to make more a market for their products.

Wow, now that you brought it up,...

What about Android malware? Could Kaspersky, Symantec or some big OS competitors be funding or outright creating it? It wouldn't surprise me that someone like Microsoft was brewing some up right now and telling Kaspersky where to find it.

 

 

 

/s

melior diabolus quem scies
post #33 of 35

They should also send some of their Apple "boys" over there to rough these guys up and send the world a message: don't mess with our walled-garden. Seriously what kind of cack-sucking ossholes do this? They should be strung up in a public square like those people caught kissing each other in Dubai.

post #34 of 35
Quote:
Originally Posted by Gatorguy View Post

Wow, now that you brought it up,...

What about Android malware? Could Kaspersky, Symantec or some big OS competitors be funding or outright creating it? It wouldn't surprise me that someone like Microsoft was brewing some up right now and telling Kaspersky where to find it.

 

 

 

/s

 

 

Not to bag on any particular entity in the security biz, good or bad, but it has gone to the dogs in the past couple years and fill-in-the-blank exploit/demonstration is now an open market activity with recognized brokers and a highest bidder mentality.

 

This is just a tip of the iceberg in the open example: http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/.  Once upon a time there were just a couple government, code and security companies that purchased them with the express intent of using them to plug holes.  But open market is much more lucrative.

 

I would not find it the least bit amazing if there are lowish danger exploit+demos sold and then "discovered" by the buyer.  Simply because high danger stuff is far more valuable to the cyber criminals as a money making opportunity than it might be as PR/advertising to a security company.

post #35 of 35
Quote:
Originally Posted by FjordPrefect View Post

They should also send some of their Apple "boys" over there to rough these guys up and send the world a message: don't mess with our walled-garden. Seriously what kind of cack-sucking ossholes do this? They should be strung up in a public square like those people caught kissing each other in Dubai.

Step away from the banjo... come on, keep things in perspective. The firm was sending unsolicited SMS invites to people. The owners were not financially harmed in any way. It was an abuse that is best resolved via legal action.

Erm... just noticed your user name. Sorry, it's been a long day, am sitting in the pub and I have evidently had a sense of humour bypass. Time for another pangalactic gargleblaster, or two.
