Got some Russian spamming to my email address and website every day, now I know where they come from.
 
Yes, it’s entirely possible that a bot on a compromised PC connected to Yahoo Mail, inserted the message-ID thus overriding Yahoo’s own Message-IDs and added the “Yahoo Mail for Android” tagline at the bottom of the message all in an elaborate deception to make it look like the spam was coming from Android devices.

That was quick! Security researchers at Microsoft and Sophos say they may have spoken a bit too soon about Android phones hosting a BotNet and spamming through Yahoo mail servers. Terry Zink, one of the discoverers of the issue, said the following on his MSDN security blog:

http://blogs.msdn.com/b/tzink/archive/2012/07/05/a-bit-more-on-that-spam-from-an-android-botnet.aspx
 
Don't online store owners have a duty of care to their customers the same way a retailer has in a bricks-and-mortar store?
 
All thanks to Kaspersky! Must give credit to Kaspersky Labs for finding the malware.

So don't download blindly from the Apple Apps Store, and don't assume that the Apple Apps Store is a safe haven for downloads.

Always check the developer, the company that sells this software. Apple could not have done it without the findings from Kaspersky.

There's more malware to come.
 
This isn't some massive new exploit. This won't result in a huge flood of malware to iOS. This doesn't represent a "huge flaw" with the iOS platform. This won't even need to be patched.

To put it simply: a reviewer at Apple was a bit careless and approved an app that shouldn't have been. Human error.

When you consider:

1) the high chance your malicious app will be caught on the first review
2) the speed at which Apple can disable your app if you got lucky on step 1
3) the relatively insignificant number of jailbroken/vulnerable iOS users

... still makes iOS an unattractive, unprofitable target for malware authors. The guy who made this malicious app got extremely lucky, that's all.

This post makes me wonder if we will ever see malware for iOS that disables system updates and the kill switch, like AVkiller.
 
The first question that pops up in my mind is: how did it get into the App Store in the first place?

The review process is just a cursory run through the app, mainly to make sure it doesn't immediately crash, i.e. if it starts, it passes.
 
I hope Apple uses its "kill switch" to delete this app from those phones that have already downloaded the app.

Can they actually forcibly retroactively remove apps that have already been downloaded? That would be... good in this case obviously, but it seems as though if someone downloads something (however harmful to the user/device) that it belongs to the user? Hope they at least put up a prompt to remove it for the people that did download it...
 
Technically correct? Nope. PC= Personal Computer. The average person thinks that a PC is a Personal Computer. Macs? Yes they are personal computers. Hence the description was very misleading that would clearly be a massive legal headache. It was misleading and Apple knew it Big Time. Hence the change. :rolleyes:

Yea, except that Windows runs on Macs. In this case, the iMac or any other Mac is as vulnerable as any other PC.
 
Even if I like using iDevices, iOS pretty much became more and more insecure. And this is by far not the only app... the recent Strikefleet game uses your geo data without even asking or showing up in the Geo settings tab, just by circumventing the system via geo ads (just check the notification screen or quit the app and check the geo icon). Ugly as it can get. Plus the battery drain... this game gets as hot as it can get, even on an iPhone 4S -.-
 
Technically correct? Nope. PC= Personal Computer. The average person thinks that a PC is a Personal Computer. Macs? Yes they are personal computers. Hence the description was very misleading that would clearly be a massive legal headache. It was misleading and Apple knew it Big Time. Hence the change. :rolleyes:

Okay. :rolleyes:
 
betatest, is there a way you can contact me regarding a closed thread you posted re: remote admin log in? I've experienced the same. Is there a PM option on this site?
 
The first question that pops up in my mind is: how did it get into the App Store in the first place?

This isn't the first time. They're just saying that this is the first time they noticed such an app using it to send fake texts.

Probably thousands of apps access the Contact list for no good reason, and quite a few send it back to some server around the world, where it's no doubt sold to email spammers.

This is why Apple belatedly added a bit of Contact list permission checking, which as on Android, requires the user to exercise a bit of their brain. I.e. don't install a tip calculator that needs access to your contacts!

One of the biggest myths around is the belief that Apple somehow can magically determine, without reading the source code, what an app might do... especially if it waits to do it after it's been in the store a while.
 