Apple pulls Russian malware from iOS App Store

Posted in iPhone, edited January 2014
Hours after it was highlighted by a security firm, Russian-language malware on the iOS App Store was removed by Apple and is no longer available for download.

Apple confirmed on Thursday to Jim Dalrymple of The Loop that it removed the malware, an application named "Find and Call," once it was alerted to its presence on the App Store. The company said the software was pulled for violating App Store guidelines by accessing a user's Address Book data without authorization.

The application was revealed by Kaspersky earlier on Thursday to be a Trojan that would upload a user's phone book to a remote server. From there, the server sends out text message spam to all the contacts in the user's address book with a link to download the application.

In addition to being found in Apple's iOS App Store, the "Find and Call" software was also found on the Google Play storefront for Android handsets. Google has presumably also responded by pulling the application, as it can no longer be downloaded from Google Play.

Malware is an extremely rare occurrence on Apple's iOS platform, as the company has a review process that analyzes each individual application made available for download on the App Store. The company first began publishing its guidelines for review in September of 2010.

However, malware has routinely been found on Google's more open Android platform. Last year one security firm claimed that Android malware had increased by 472 percent in just one four-month span.

The malware issue on Android has been attributed to the lack of a review process such as Apple's, as well as the ease with which a developer can create an anonymous account and pay the low $25 fee required to begin posting software to Google Play.

This May, Apple quietly made public a report detailing the extensive efforts it has undertaken to secure its mobile operating system. The paper boasts that Apple "designed the iOS platform with security at its core."

Comments

  • Reply 1 of 36
    tallest skil Posts: 43,388 member
    Can't legal action be brought against these people since this stuff is illegal? And don't tell me spam/malware is legal in Russia; that doesn't make me feel any better. :lol:
  • Reply 2 of 36
    elliots11 Posts: 290 member
    Hopefully this will lead to an even more stringent App Store review process. I thought the review process was designed expressly to prevent these types of things, as well as buggy apps. I'm sure no system is perfect, but at least on the malware front it's been pretty good up until this.

  • Reply 3 of 36
    elliots11 wrote:
    Hopefully this will lead to an even more stringent App Store review process. I thought the review process was designed expressly to prevent these types of things, as well as buggy apps. I'm sure no system is perfect, but at least on the malware front it's been pretty good up until this.

    Or it just happened to be that mistake which slipped through. No matter how stringent the system, with an operation this big, there are always going to be mistakes. And with one slip-up of this kind I'm inclined to think along those lines. That said, it's even possible that this app functioned within review parameters and the developer chose to do something else after approval (depends on what Apple currently allows in relation to user contact data). If that's the case, it's possible the system needs to be tightened up. Changes to accessing contacts in iOS 6 might help a bit here.
  • Reply 4 of 36
    elliots11 wrote:
    Hopefully this will lead to an even more stringent App Store review process. I thought the review process was designed expressly to prevent these types of things, as well as buggy apps. I'm sure no system is perfect, but at least on the malware front it's been pretty good up until this.

    I'm curious to know how this one slipped through. I wonder if a reviewer was just asleep at the wheel.
  • Reply 5 of 36
    macbook pro Posts: 1,605 member
    I'm curious to know how this one slipped through. I wonder if a reviewer was just asleep at the wheel.

    Well, it isn't as though uploading your contacts isn't allowed by Apple. Apple simply doesn't allow exploitation of your contact information for the purpose of spamming SMS messages. The claims made by the developer may have matched the apparent functionality of the app when tested.

    This is why the Privacy Settings in iOS 6 are so vital.
  • Reply 6 of 36
    shamino Posts: 527 member
    I wonder if Apple also revoked the source's developer key, or at least the app's certificate, preventing people who already downloaded it from further damage.

  • Reply 7 of 36
    nasserae Posts: 3,167 member

    Quote:
    Originally Posted by BigBillyGoatGruff
    I'm curious to know how this one slipped through. I wonder if a reviewer was just asleep at the wheel.

    It could be that the feature is enabled remotely. The developer could have enabled it (server side) after the app was approved. This will all go away with iOS 6 where the app needs your permission to access your calendar and contacts.

  • Reply 8 of 36
    mactel Posts: 1,275 member

    Quote:
    Originally Posted by BigBillyGoatGruff
    I'm curious to know how this one slipped through. I wonder if a reviewer was just asleep at the wheel.

    That's what I was going to ask? Seems Apple is slipping a bit here and cannot be completely trusted or they need to update their rules to catch this type of malware and any like it in the future.

  • Reply 9 of 36
    pendergast Posts: 1,358 member
    This of course highlights the key difference between iOS and full desktop OS's (OS X included): the only way to exploit the device is through a controlled storefront, meaning that if malware is discovered, it can quickly be removed. Clearly, this is Apple's goal and such functionality will be replicated in Mountain Lion (depending on your security settings).
  • Reply 10 of 36
    voxmagis Posts: 1 member
    Interesting that this was 'discovered' by Kaspersky - leading to months more of them crying they can't put anti-virus software on the iPhone.

  • Reply 11 of 36
    stlbluesfan Posts: 353 member

    Quote:
    Originally Posted by Pendergast
    This of course highlights the key difference between iOS and full desktop OS's (OS X included): the only way to exploit the device is through a controlled storefront,

    Where did you get that idea?

  • Reply 12 of 36

    Quote:
    Originally Posted by NasserAE
    It could be that the feature is enabled remotely. The developer could have enabled it (server side) after the app was approved. This will all go away with iOS 6 where the app needs your permission to access your calendar and contacts.

    I agree this was probably server side and totally outside of Apple's control. However, I disagree that this sort of thing would go away with the new privacy settings in IOS6. If I install an app that is supposed to access my contacts, I'm going to say yes when it asks for authorization. There are probably tons of legitimate apps that do that now. If they then do something with it server side, how am I to know? Hell, if they store it server side as part of their normal operation and then get hacked, you're just as screwed.

    Point is: don't let yourself be lulled into a false sense of security. Everything Apple is doing is going a long way to make it secure, but no system is perfect and downloading an app in IOS should be treated the same as downloading an app on Android, Windows, OSX, etc. (i.e., think before you act).

    "The more you know..."

  • Reply 13 of 36
    sippincider Posts: 410 member

    Quote:
    Originally Posted by MacTel
    That's what I was going to ask? Seems Apple is slipping a bit here and cannot be completely trusted or they need to update their rules to catch this type of malware and any like it in the future.

    600,000 apps. One bad one slipped through. Not a bad track record on Apple's part.

    That said, Apple needs to flag any app that uses the Address Book APIs, and give it especially close review (if they aren't doing this already).

  • Reply 14 of 36
    ranreloaded Posts: 397 member
    Apple needs to 'keep an eye' on suspicious apps (i.e., send user data to server) for an undisclosed period even after they are approved (like an app 'probation').

    This way, the bad guys will know they can't be at ease even after approval.

  • Reply 15 of 36

    Quote:
    Originally Posted by BigBillyGoatGruff
    I'm curious to know how this one slipped through. I wonder if a reviewer was just asleep at the wheel.

    From what I understand it's hard for the reviewers to fall asleep since so many apps have to be scanned to prevent any phallic-like images from creeping through the process. However, Apple has notoriously understaffed the review department. Perhaps THIS may have helped get their attention to prevent a reoccurrence.

  • Reply 16 of 36
    mstone Posts: 11,510 member

    Quote:
    Originally Posted by BigBillyGoatGruff
    I'm curious to know how this one slipped through. I wonder if a reviewer was just asleep at the wheel.

    They may need to hire some more Russian speaking reviewers.

  • Reply 17 of 36
    mstone Posts: 11,510 member

    Quote:
    Originally Posted by ranReloaded
    Apple needs to 'keep an eye' on suspicious apps (i.e., send user data to server) for an undisclosed period even after they are approved (like an app 'probation').
    this way, the bad guys will know they can't be at ease even after approval.

    This is a well-known tactic. The programmers put an if clause with a date criterion. The hidden functionality only reveals itself after the approval process is expected to be completed. Apple doesn't look at the source code directly. They can only test so much. Mostly they are looking for obvious infractions and testing against some private APIs but other than that they have to rely on end users to spot problems that may crop up after the apps get widespread usage.

  • Reply 18 of 36
    nasserae Posts: 3,167 member

    Quote:
    Originally Posted by MarquisMark
    I agree this was probably server side and totally outside of Apple's control. However, I disagree that this sort of thing would go away with the new privacy settings in IOS6. If I install an app that is supposed to access my contacts, I'm going to say yes when it asks for authorization. There are probably tons of legitimate apps that do that now. If they then do something with it server side, how am I to know? Hell, if they store it server side as part of their normal operation and then get hacked, you're just as screwed.
    Point is: don't let yourself be lulled into a false sense of security. Everything Apple is doing is going a long way to make it secure, but no system is perfect and downloading an app in IOS should be treated the same as downloading an app on Android, Windows, OSX, etc. (i.e., think before you act).
    "The more you know..."

    Whatever developers do with your personal info is out of your control once you give them access. However, the privacy settings in iOS 6 prevent other apps that are not supposed to access your calendar and contacts from doing so. For example, after I installed iOS 6 I discovered that Realtors.com iOS app was accessing my contacts. Why do they need my contacts? I also found a couple of other apps trying to access my contacts and they are not supposed to do that.

    The new privacy settings in iOS 6 are not meant to prevent what developers do with your contacts but instead give you control over who should have access to your personal data.

  • Reply 19 of 36
    mstone Posts: 11,510 member

    Quote:
    Originally Posted by NasserAE
    Whatever developers do with your personal info is out of your control once you give them access. However, the privacy settings in iOS 6 prevent other apps that are not supposed to access your calendar and contacts from doing so. For example, after I installed iOS 6 I discovered that Realtors.com iOS app was accessing my contacts. Why do they need my contacts? I also found a couple of other apps trying to access my contacts and they are not supposed to do that.
    The new privacy settings in iOS 6 are not meant to prevent what developers do with your contacts but instead give you control over who should have access to your personal data.

    I was reading over the weekend that Facebook was not only accessing the contacts but actually changing the email address to @facebook.com email addresses for anyone who matched your friends list. Actually overwriting your contact info! Amazing.

    http://www.wired.com/gadgetlab/2012/07/facebook-email-woes/

  • Reply 20 of 36
    irnchriz Posts: 1,616 member
    Sneaky fucking Russians