Researchers show how to slip malware into Apple’s App Store

August 17, 2013 – 10:28 AM

Apple’s App Store can seem like Fort Knox, with Apple reviewing each and every app before making it live. This fastidious approach works, for the most part, but it isn’t a perfect process. MIT Technology Review reports that researchers from Georgia Tech recently managed to get a malware-infected app approved by Apple and placed in the App Store.

Dubbed Jekyll, but submitted to Apple as an app for Georgia Tech News, the app had the ability to transform itself over time. “The app did a phone-home when it was installed, asking for commands. This gave us the ability to generate new behavior of the logic of that app which was nonexistent when it was installed,” said Long Lu, who was part of the team that created the app.

According to Lu, the team could tell that Apple ran the app for no more than a few seconds before approving it. The app contained fragments of code, hidden beneath legitimate app operations, that pieced themselves together only after the app had been run, and Apple didn’t run the app long enough for this to happen.

And Jekyll was hiding some pretty nasty malware. It could send e-mails and text messages, tweet, take photos, steal personal information and device ID numbers, and attack other apps, all without the user ever knowing. It even had a way to direct Apple’s Safari browser to a webpage filled with additional malware. Not the sort of thing you want on your phone or tablet.

