A new iOS app in the App Store was discovered yesterday to contain Windows malware and was promptly removed by Apple. It is a relatively low-threat package that will not affect iOS or Mac OS and only poses a slight risk for users managing their iTunes accounts on Windows PCs.
An iOS user reported on the Apple Support Communities that “Instaquotes – Quotes Cards for Instagram” was flagged as a worm by their antivirus software. The threat was quickly confirmed and identified as Worm.VB-900 by ClamAV and Worm:Win32/VB.CB by Microsoft. It is considered low risk because the malware has to be manually extracted from the iOS application package before it can infect Windows.
The app had been released on July 19 at $0.99 and was temporarily reduced to free over the weekend. Apple has not reported how many users downloaded the infected app.
Within hours of the initial report, the app was removed from the App Store and the developer, Appsstand, posted a response in the forum saying that an update was in the works. Early this morning they tweeted that the application has been fixed and is now awaiting review by Apple.
It is unknown whether the malware was planted intentionally or was simply there because the developer’s system was infected and the worm was passed on when they built the app. The developer is new and has only one other app in the App Store, which was just released yesterday. It is unknown whether that app is infected as well, but it has not been reported as a threat and is still available.
Apple could prevent incidents like these by checking for Windows malware as well as iOS and Mac OS malware when apps are uploaded for review. A simple extraction and scanning of all files from the app package would have exposed the threat and prevented the app’s release.
Even though it was determined to be a low-risk issue, hopefully this will encourage Apple to be more vigilant against all types of malware in the future.
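The extract-and-scan check suggested above can be sketched in a few lines. This is an added example, not code from Apple or the developer: it treats the app package as the ZIP archive an .ipa file is and, as a stand-in for a real antivirus engine, flags any member with a Windows PE header, since a Windows executable has no place in an iOS app. The function names and the sample package are constructed for illustration.

```python
import io
import struct
import zipfile

def is_windows_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_offset,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"

def find_pe_members(ipa_bytes: bytes) -> list[str]:
    """Return the names of package members that look like Windows executables."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for info in ipa.infolist():
            if info.is_dir():
                continue
            with ipa.open(info) as member:
                # Only the header is needed; a PE offset beyond 4 KiB is not checked here.
                head = member.read(4096)
            if is_windows_pe(head):
                hits.append(info.filename)
    return hits

def build_sample_ipa() -> bytes:
    """Constructed sample package: a Mach-O-like binary, a plist and a minimal PE stub."""
    pe_stub = bytearray(0x80)
    pe_stub[:2] = b"MZ"
    struct.pack_into("<I", pe_stub, 0x3C, 0x40)   # e_lfanew -> 0x40
    pe_stub[0x40:0x44] = b"PE\x00\x00"
    macho = b"\xcf\xfa\xed\xfe" + bytes(60)        # 64-bit Mach-O magic, padded
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Sample.app/Sample", macho)
        z.writestr("Payload/Sample.app/Info.plist", b"<plist></plist>")
        z.writestr("Payload/Sample.app/extra.bin", bytes(pe_stub))
    return buf.getvalue()

if __name__ == "__main__":
    for name in find_pe_members(build_sample_ipa()):
        print("Windows executable inside package:", name)
```

A review pipeline would hand the flagged files, or the whole extracted package, to a signature scanner such as ClamAV; the header check only narrows down which files do not belong.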