The first iPhone malware distributed through Apple's official App Store was found by antivirus company Kaspersky Lab, which released the information on Thursday (5). The malware, which presents itself as an application called “Find and Call”, captures all the contacts stored on the phone and sends them to a remote server.
Virus analyst Denis Maslennikov explained on the SecureList blog that Kaspersky was alerted by MegaFon, a mobile operator in Russia, to the existence of a suspicious application. The security company's analysis showed that the software stole the victim's contacts and that those numbers then received an SMS advertising the app, in order to spread the malware. According to Maslennikov, the SMS messages were sent from the same server to which the data was sent, not from the victim's phone. However, the messages are sent in such a way that they appear to originate from the victim's device.
“Find and Call” does not perform any destructive activity on the device. According to SecureList, a Russian blog contacted the company that made the software, called Wealth Lab, which said that the SMS spam was a “bug”. Kaspersky then confirmed that, in addition to SMS, e-mails promoting the app were also sent.
The malicious code was dubbed “Fidall” by Kaspersky Lab. The software has been removed from the App Store and Google Play.
Protections in the official repositories
The first iPhone malware was Ikee, which only works on “jailbroken” devices. However, in the iPhone's five years, antivirus companies had never identified software in the App Store that could be considered “malware”. The iPhone is considered a better choice for those who do not want to worry about digital threats on their cell phone.
There may be some controversy, however, over whether “Fidall” is actually malware. This is because it is not the first time that software has captured the phone's contact list or other data without notifying the user, and the SMS messages are not sent from the victim's own cell phone.
Security researcher Charlie Miller had pointed out that there are ways to get malicious code into the App Store by creating a “deliberate flaw” in an approved application. Apple would then be unable to evaluate the code during its review of the submitted software, since the malicious code would be downloaded later.
Unlike iOS, Google's Android is able to run programs from outside the official repository, Google Play, and Google does not review each piece of software individually before it is placed in its application store. Instead, Google uses software called Bouncer, which analyzes the apps on Google Play and removes those considered “suspicious” or alerts the team to perform a manual analysis.