First Trojen Malware Detected for the Apple iPhone

Anti-virus software vendor, F-Secure has warned that the first Trojan malware for the Apple iPhone has been detected in the wild. The trojan installation package contains false application installation information that causes legitimate third party applications to be removed if the trojan is uninstalled from the iPhone.

The Trojan adds an application in the installer which pretends to be an update of erica's utilities. The app appears in installer as "iPhone firmware 1.1.3 prep". Once installed all this app does is it says "shoes." However, when uninstalled this app removes a lot of files from the /bin directory on the iphone, breaking valid apps such as "Erica's Utilities" (a collection of command-line utilities for the iPhone) and OpenSSH.

The software seems to have been written by a 11-year-old kid playing with XML files as a "proof of concept", and his father took down the hosting site as soon as he was alerted to the issue.

Symantec says that the risk to users is minimal as they would have to choose to install the bogus package and also choose to uninstall it before any serious problems occured.

The first details of the Trojan were published on ModMyiFone

Posted to the site on 9th January 2008