iPhone banking trojan creates botnet from Apple devices

24 November 2009

A third piece of iPhone malware has appeared, pushing the envelope further than ever before by creating a botnet of infected devices and acting as a banking trojan.

The trojan, which Mac anti-malware company Intego is calling iBotnet.A, scans addresses on the local network, along with predefined blocks owned by ISPs in the Netherlands, Portugal, Hungary, and Australia.

When the trojan finds an address occupied by a suitable target, it copies itself to the iPhone, and changes the root password for the device from 'alpine' (a default password) to 'ohshit'.

The trojan then connects to a Lithuanian server and downloads new files, effectively turning it into a dropper application. It also harvests network information about the iPhone, along with SMS messages, and sends them to the remote server, Intego said.

Each iPhone is also given a unique identifier, which enables the trojan's owners to reconnect to any iPhone storing valuable information, and which also acts as a quality control mechanism to prevent non-infected iPhones from connecting to the server.

The trojan's authors have also specifically targeted a Dutch bank by changing an entry in the iPhone's hosts file for the bank's website, directing users to a bogus site so that login credentials can be harvested.

This iPhone trojan, like two other pieces of malware that appeared earlier this month, targets jailbroken iPhones with SSH installed.

Previously, malware had surfaced that merely changed the iPhone's wallpaper as a proof of concept. Then, another tool emerged that scanned wireless networks for vulnerable iPhones and harvested their data. This is the first piece of malware that spreads from phone to phone, and exploits the vulnerability to drop malicious executable code.
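The hosts-file change described above leaves an artifact a defender can check for. The following Python audit is an added example, not code from Intego or the original article: it flags hosts-file entries that pin a real hostname to an address. The `bank.example` watchlist entry, the baseline names and the sample file are constructed assumptions.

```python
import ipaddress

# Names a stock hosts file is expected to carry (assumption for this example).
BASELINE_NAMES = {"localhost", "broadcasthost", "ip6-localhost", "ip6-loopback"}

def audit_hosts(text, watchlist=()):
    """Return (line number, severity, detail) for entries that override DNS."""
    findings = []
    watch = {w.lower().rstrip(".") for w in watchlist}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()        # drop comments, then tokenise
        if not fields:
            continue
        try:
            if len(fields) < 2:
                raise ValueError("address without a hostname")
            ip = ipaddress.ip_address(fields[0].split("%", 1)[0])  # strip IPv6 zone id
        except ValueError:
            findings.append((lineno, "malformed", raw.strip()))
            continue
        for name in (n.lower().rstrip(".") for n in fields[1:]):
            if name in BASELINE_NAMES:
                continue
            # A watched name (or a subdomain of it) pinned to any address is
            # the kind of redirect the article describes.
            if any(name == w or name.endswith("." + w) for w in watch):
                severity = "watched-name-override"
            elif ip.is_loopback or ip.is_unspecified:
                severity = "blocklist-style"         # e.g. ad blocking, low priority
            else:
                severity = "dns-override"
            findings.append((lineno, severity, f"{name} -> {ip}"))
    return findings

# Constructed sample: a stock-looking hosts file plus two added entries.
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost
203.0.113.45    www.bank.example   # constructed: documentation address
0.0.0.0         ads.tracker.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, watchlist=["bank.example"]):
        print(finding)
```

Any `dns-override` or `watched-name-override` finding on a device that should have a stock hosts file warrants investigation, since the file takes precedence over DNS for the named site.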
