Related Links

  • Intego
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

  • iPhone hacker tool unveiled
    Just days after an iPhone worm was discovered in the wild, Mac security firm Intego has discovered a hacker tool targeting the iPhone that exploits the same vulnerability.
  • The iPod and iPhone could be used for hacking
    Applications on the Apple iTunes website are arguably what makes the iPhone so popular in mobile phone circles, but a growing number of users are unlocking (jailbreaking) their iPhones, for the simple reason that it opens up the mobile to third-party applications. This means the iPod and iPhone could be used for hacking.
  • iPhone may be weak link in company information security defences
    Research commissioned by DeviceLock, the end point security company, claims to show that many firms are failing to act on the information security risks that the Apple iPhone poses to their IT resources.
  • iPhone spyware surfaces
    Retina-X Studios has released the first software designed to secretly spy on iPhone users. The iPhone version of the Mobile Spy software can log phone activity including calls and SMS mesages in stealth mode, without showing up in the device's process list.
  • Mobile Devices Raise Security Concerns
    As mobile devices like the iPhone and BlackBerry become increasingly popular among end users, enterprises are worried about ensuring the security of their data.

Top 5 Stories


iPhone banking trojan creates botnet from Apple devices

24 November 2009

A third piece of iPhone malware has appeared, pushing the envelope further than ever before by creating a botnet of infected devices and acting as a banking trojan.

The trojan, which Mac anti-malware company Intego is calling iBotnet.A, scans addresses on the local network, along with predefined blocks owned by ISPs in the Netherlands, Portugal, Hungary, and Australia.

When the trojan finds an address occupied by a suitable target, it copies itself to the iPhone, and changes the root password for the device from 'alpine' (a default password) to 'ohshit'.

The trojan then connects to a Lithuanian server and downloads new files, effectively turning it into a dropper application. It also harvests network information about the iPhone and SMSs and sends it to the remote server, Intego said.

Each iPhone also gets given a unique identifier, which enables the trojan owners to reconnect to any iPhone storing valuable information, but which also acts as a quality control mechanism to avoid non-infected iPhones from connecting to the server.

The trojan malware authors have also specifically targeted a Dutch bank, by changing an entry in the iPhone's hosts file for the bank's website, to direct users to a bogus site so that login credentials can be harvested.

This iPhone trojan, like two other pieces of malware that appeared earlier this month, targets jailbroken iPhones with SSH installed.

Previously, malware had surfaced that merely changed the iPhone's wallpaper as a proof of concept. Then, another tool emerged that scanned wireless networks for vulnerable iPhones and harvested their data. This is the first piece of malware that spreads from phone to phone, and exploits the vulnerability to drop malicious executable code.

This article is featured in:
Malware and Hardware Security  •  Wireless and Mobile Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×