It is possibly the news which many people didn’t think they would ever hear when talking about Apple’s iOS App Store, but one app that is available on the store for download has been found to contain a malware worm within its guts. Before we all go raising the alarms and condemning Apple for first having security vulnerabilities that allowed in-app purchase protocols to be bypassed and now hosting an app that contains malware, it is worth noting that the worm in question is classified as extremely low-threat and is only a possible disturbance to those who are using the Windows operating system.
While the nasty little surprise has made itself at home within the actual app bundle, it represents absolutely no harm to the iOS or OS X platforms. With that said, Windows users do account for a large proportion of those who download apps from the App Store and are at risk from the threat if they happen to interact with the app in question through iTunes on their computer. The app in question is the Instaquotes Quotes Cards for Instagram creation and is a free of charge download on the store for the iPhone and iPod touch.
As is usually the case with things like this, the issue first came to light in a discussion forum with one user of the app pointing out that his antivirus immediately flagged the app as suspicious and pin-pointed the cause as the Worm.VB-900 malware. This particular virus is about to celebrate its third birthday after being discovered in 2009 and as such doesn’t cause too many problems for those who encounter it and want it removed right away. Due to its age, the majority of antivirus programs have the ability to immediately detect it thanks to their virus definitions.
While there is no suggestion that the developer behind the application is in any way responsible for the malware being present in the app, it does remain a bit of a conundrum how it actually managed to find itself there in the first place. Additional investigation and testing of the app bundle has shown that the unwelcome intruder is actually a Visual Basic program that manages to install its own files and then modifies the registry to let the malware do its damage when the Windows machine is eventually restarted.
If you are a Windows user who already has this app on their device and imported it into iTunes then it may be worthwhile letting your virus checker do a quick scan to see if you have been infected with this malware. If you don’t have any virus detection installed then, now is a good time to rectify that and stay away from the app until the developer has resolved the issues.