Tuesday, 04 October 2022

Malware Slipped Into the Apple App Store... Some Assembly Required


One of the things that Apple has always held over Google’s head is the amount of malware that is present in the Google Play Store. It seems that each year the number and complexity of the malware uploaded to the Play Store grows. Much of this is because the Play Store is not as restrictive as the App Store. Apple’s walled garden has protected them from a storm of mobile malware for a long time… well, there was that one attempt by Charlie Miller a while ago. Back then, Miller used his developer account to submit an app that was actually malware. It got Miller banned from the Apple Developer club, which made the news for a little while.


At the time, Apple claimed that Miller violated his developer agreement (which he did) and that the method he used to get the malware into the App Store was not something that someone else would be able to accomplish. Sadly for Apple, this was not true, as a group of researchers from Georgia Tech did exactly the same thing, except that the malware they managed to get in is a bit more serious. They called their new bug Jekyll, and it showed that Apple’s scans of submitted apps are not as thorough as they claim.

The app that the group managed to insert was disguised as a news reader app, which is a very common type of application. However, as soon as the app was installed, it reached out and phoned home to grab the rest of the payload. From there the app was able to send text messages, post tweets, send email, access contacts, take pictures, perform web redirects in Safari, and more. Apple missed it because the initial app did not contain any obvious malicious code; the new and nefarious code was added after the app called in.

Apple says that they have fixed iOS to deal with this new type of attack, but it is hard to imagine what they have done to stop an app from downloading information, especially a news app. Over the past couple of years we have watched many of Apple’s fortresses fall. The in-app purchase process was broken, and now the way has been paved for new malware that assembles after installation. The walled garden has some weeds in it now, and we all know how hard it is to get rid of weeds. This new development does not excuse the large amount of malware that Google’s Android has, but it does highlight what we have always said… there is no such thing as a secure OS, system, browser, etc. If you can lock it, someone can unlock it.



Last modified on Friday, 16 August 2013 20:58
