Windows Malware Found in iOS App Store
The malware was found in the application package for the 'Instaquotes Quotes Cards for Instagram' app.
A Windows worm was recently found in an application available in the iOS App Store.
"In a recent post to an Apple discussion forum, user 'deesto' mentioned he had downloaded the free 'Instaquotes Quotes Cards for Instagram' app from the iTunes store and noticed that his ClamXav antivirus program had flagged the downloaded file as containing the 'Worm.VB-900' malware," writes CNET News' Topher Kessler. "Though the warning was first suspected to be a false positive, further investigation revealed that the malware is present in the application package."
"Computerworld extracted the app's .ipa archive -- the packaging format Apple uses to deliver its apps -- on a Windows 7 PC, then scanned the system using Microsoft's free Security Essentials antivirus program," writes Computerworld's Gregg Keizer. "Security Essentials flagged the file and warned that it contained Win32/VB.CB. According to Microsoft's website, the worm harks back to 2008 and is known by several other names, including W32.Imaut.AS (Symantec), W32/Autorun.worm.h (McAfee) and W32/VB-DGA (Sophos)."
"Though the worm is not a threat to iOS or Mac users, it could potentially harm those who manage their iTunes account on Windows," writes AppAdvice's Dom Esposito. "The worm could possibly be extracted from the app and end up infecting an unsuspecting PC user."
The malicious app was pulled from the App Store within hours of its discovery. "According to a MacRumors report, the app had been in the App Store since 19 July and its price had temporarily dropped from $0.99 to free this past weekend," writes Sophos' Joshua Long. "It is unknown how many users downloaded the app while it was available in the store."
"It's not entirely clear whether the malware's inclusion inside the app was done on purpose," writes ZDNet's Emil Protalinski. "Given that it wasn't exactly set up to infect a computer upon download, it's most likely this was an accidental inclusion due to an the developer's computer being infected."