iOS Malware – The Sky Is (not) Falling!

By now you should have heard that malware has been detected in apps available from Apple’s App Store. (Let’s take a short break to let the rival Android users stop chuckling.) Should you be panicked? Should you contact your IT department and have them wipe all of your company’s iPhones? Should you rush home and trade your teenager’s iPhone for an old Samsung flip phone? No, you shouldn’t – the Appleocalypse is not upon us. (Except maybe for the last one – have you seen the trouble teenagers can get into on smart phones? Sheesh!)

Because this is a somewhat rare event, the Internet has been filled with opinion pieces and editorials concerning iOS malware, but the facts, so far, have been hard to nail down. The truth of the matter is that most US, LA, and European users should have little to worry about, but Asia-Pacific iPhone users could be in a bit of trouble.

What actually happened is that some Chinese programmers downloaded a corrupted version of Xcode, which is Apple’s official iOS and OS X app creation tool. Apps were then created with the corrupted tool (which quietly embedded exploits) and were subsequently uploaded to Apple’s App Store. About 50 corrupted apps were eventually identified by security firm Palo Alto Networks, and while these apps have now been removed from the App Store, they weren’t removed before being downloaded by several million people. Most of the apps are Asia-Pacific-centric (like WeChat), but a few are in heavy rotation in the West (CamCard, a popular business card reader, being the most prominent).

Remediation is simple: if you do have any of the listed apps installed, report this to your IT department so they’re aware of a potential issue. IT staff and individuals should be checking corporate and personal iPhones for the apps. Change iCloud and other passwords stored on your phone as a precautionary measure, and report any suspicious events to your IT department.

Here is a list of the corrupted apps (courtesy of macrumors.com):

Infected iOS apps (as released by Palo Alto Networks)
网易云音乐 2.8.3
微信 6.2.5
讯飞输入法 5.1.1463
滴滴出行 4.0.0.6-4.0.0.0
滴滴打车 3.9.7.1 – 3.9.7
铁路12306 4.5
下厨房 4.3.2
51卡保险箱 5.0.1
中信银行动卡空间 3.3.12
中国联通手机营业厅 3.2
高德地图 7.3.8
简书 2.9.1
开眼 1.8.0
Lifesmart 1.0.44
网易公开课 4.2.8
马拉马拉 1.1.0
药给力 1.12.1
喜马拉雅 4.3.8
口袋记账 1.6.0
同花顺 9.60.01
快速问医生 7.73
懒人周末
微博相机
豆瓣阅读
CamScanner
CamCard
SegmentFault 2.8
炒股公开课
股市热点
新三板
滴滴司机
OPlayer 2.1.05
电话归属地助手 3.6.5
愤怒的小鸟2 2.1.1
夫妻床头话 1.2
穷游 6.6.6
我叫MT 5.0.1
我叫MT 2 1.10.5
自由之战 1.1.0

A more thorough list, according to fox-it.com:

Mercury
WinZip
Musical.ly
PDFReader
guaji_gangtai en
Perfect365
网易云音乐
PDFReader Free
WhiteTile
IHexin
WinZip Standard
MoreLikers2
CamScanner Lite
MobileTicket
iVMS-4500
OPlayer Lite
QYER
golfsense
同花顺
ting
installer
下厨房
golfsensehd
Wallpapers10000
CSMBP-AppStore
礼包助手
MSL108
ChinaUnicom3.x
TinyDeal.com
snapgrab copy
iOBD2
PocketScanner
CuteCUT
AmHexinForPad
SuperJewelsQuest2
air2
InstaFollower
CamScanner Pro
baba
WeLoop
DataMonitor
爱推
MSL070
nice dev
immtdchs
OPlayer
FlappyCircle
高德地图
BiaoQingBao
SaveSnap
WeChat
Guitar Master
jin
WinZip Sector
Quick Save
CamCard

Again, whether you have a corrupt copy depends on which version of these apps you have or where they were downloaded from. Be conservative and remove or update them if you have them.
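
The check described under remediation, as an added example (not code from Palo Alto Networks, fox-it.com or this post): it matches an app inventory against entries copied from the lists above and separates hits on a listed version from name-only hits, since whether a copy is corrupt depends on the version. The CSV layout, the sample inventory rows and the inclusive reading of "a – b" ranges are assumptions.

```python
import csv, io, re

# Subset of the two lists above, copied in the page's "name [version]" form; add the rest.
LISTED = """\
微信 6.2.5
滴滴打车 3.9.7.1 – 3.9.7
OPlayer 2.1.05
我叫MT 2 1.10.5
CamCard
WeChat
"""

# Constructed sample inventory; the device,app,version columns are an assumed MDM export layout.
INVENTORY = """\
device,app,version
iphone-014,微信,6.2.5
iphone-014,Maps,1.0
iphone-022,滴滴打车,3.9.7.1
iphone-022,OPlayer,2.1.6
iphone-031,camcard,6.1.0
"""

def vkey(v):
    """Numeric fields of a version as an int tuple, trailing zeros dropped (2.1.05 == 2.1.5)."""
    parts = [int(p) for p in re.findall(r"\d+", v)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_listed(text):
    """Map casefolded app name -> list of (low, high) version ranges; [] means no version listed."""
    listed = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        m = re.match(r"(.+?)\s+(\d[\d.]*)(?:\s*[–-]\s*(\d[\d.]*))?$", line)
        ranges = listed.setdefault((m.group(1) if m else line).casefold(), [])
        if m:  # assumption: "a – b" means every version between the two, inclusive
            ends = sorted(vkey(g) for g in (m.group(2), m.group(3) or m.group(2)))
            ranges.append((ends[0], ends[1]))
    return listed

def check(inventory_csv, listed):
    """Return (device, app, version, verdict) for each installed app whose name is listed."""
    hits = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        ranges = listed.get(row["app"].strip().casefold())
        if ranges is None:
            continue  # app name is not on the list
        hit = any(lo <= vkey(row["version"]) <= hi for lo, hi in ranges)
        hits.append((row["device"], row["app"], row["version"], "listed-version" if hit else "name-only"))
    return hits
```

Calling `check(INVENTORY, parse_listed(LISTED))` returns four rows for the sample data; in line with the advice above, `name-only` rows are still worth removing or updating rather than treating as clean.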