iOS app flagged for malware, likely a false positive

An iOS game called Simply Find It, when run through BitDefender’s virus scanner, reportedly returns a positive result for Trojan.JS.iframe.BKD. This has called into question the effectiveness of Apple’s App Store approval process. Is this something that Apple should have caught, and is it something App Store customers should be worried about?

Macworld’s Lex Friedman explains what BitDefender encountered: Simply Find It's IPA (iPhone application archive) file contains an mp3 audio file, and that mp3 contains an HTML iframe tag pointing to x.asom.cn. Normally an iframe might be used on a website to embed a frame that loads another page. Iframe tags can also be abused to load malicious code in a webpage without users noticing. Currently, if you try to access x.asom.cn, the page is not available. Using the archive.org Wayback Machine, you can see that the last time the site hosted any content was back in July of 2010. At that time, the Chinese page just had a message telling users that its free URL forwarding service had been discontinued. Going back further in the site’s history, we can see that it used to redirect to a handful of different URLs, primarily http://218.90.221.222/jc/img/love/new.htm, which now returns a 404. It's anybody’s guess what this site ever actually hosted.

Microsoft’s Malware Protection Center page provides some additional details about the virus that BitDefender detected. The symptoms section of the page explains that antivirus alerts can be triggered by iframes in webpages, which are only a symptom of the virus, not an actual detection that the virus itself is present. This helps explain why BitDefender detected this virus in the IPA, as well as why other virus scanners didn’t detect it; it’s not actually the virus.
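To see what a detection like this is matching on, an analyst can unpack the IPA (a zip archive) and look for iframe markup inside files that should only hold media. The following is an added triage example, not code from Macworld or BitDefender; the extension list, file names and the `placeholder.example` host are constructed for illustration.

```python
import io
import re
import zipfile
from urllib.parse import urlparse

# Matches an <iframe ...> tag and captures its src value (bytes, case-insensitive).
IFRAME_RE = re.compile(rb'<iframe\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
# Extensions where HTML markup is unexpected (assumed list for this example).
MEDIA_EXTS = (".mp3", ".m4a", ".wav", ".caf", ".png", ".jpg")


def find_embedded_iframes(ipa_bytes):
    """Return [(member_name, byte_offset, src_host)] for iframe tags in media files."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for info in ipa.infolist():
            if not info.filename.lower().endswith(MEDIA_EXTS):
                continue
            data = ipa.read(info)
            for m in IFRAME_RE.finditer(data):
                src = m.group(1).decode("latin-1")
                host = urlparse(src).hostname or src
                findings.append((info.filename, m.start(), host))
    return findings


def build_sample_ipa():
    """Constructed sample: a fake IPA holding one clean and one modified mp3."""
    header = b"ID3\x03\x00" + b"\x00" * 64  # stand-in for audio data
    tag = b'<iframe src="http://placeholder.example/x" width=0 height=0></iframe>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Sample.app/Info.plist", b"<plist></plist>")
        z.writestr("Payload/Sample.app/clean.mp3", header)
        z.writestr("Payload/Sample.app/music.mp3", header + tag)
    return buf.getvalue()


if __name__ == "__main__":
    for name, offset, host in find_embedded_iframes(build_sample_ipa()):
        print(f"{name}: iframe at byte {offset} -> {host}")
```

A hit only says the markup is present in the file; whether the referenced host serves anything still has to be checked separately, as the article does with the Wayback Machine.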

So we have an app, that has an mp3, that has an iframe, that loads a webpage that does not exist. I think it’s safe to say that this app poses no actual threat to anybody currently. But why did this slip through Apple’s review process? Shouldn’t they have detected this?

No. Any app can load a webpage. A webpage can’t (usually) download and run code. Exploits have been found in iOS before that allowed remote code execution from a webpage, and these have been used in the past for jailbreaking. This type of exploit is fairly rare though, and no public exploits of this nature are currently known. Additionally, each iOS app runs in its own sandbox, confined to its own sort of play area. If a new exploit were discovered that allowed code execution from a webpage, it would likely require a second exploit that allowed it to break out of its sandbox in order to gain access to other data on the device. There’s no reason to believe that the Simply Find It game does or will do this.

While it’s certainly strange to see an app from the App Store return a positive result in a virus scanner, looking a little closer at things here, there’s no cause for alarm and no real reason to think Apple missed something that they should have caught. If anything, this app might suggest that this mp3 was once on a computer that had a virus that modified it. Apple’s App Store review process has always been a mystery. Apps with the ability to run unsigned code have made it into the App Store before and I’m sure they will again.

For today, however, there's no threat and no cause for additional alarm. For today, the App Store is as safe as it was yesterday.

Source: Macworld
