Skip navigation

apps reported as virus

7304 Views 11 Replies Latest reply: Jul 30, 2012 7:36 PM by Andreas77 RSS
deesto Level 1 Level 1 (25 points)
Currently Being Moderated
Jul 24, 2012 7:33 AM

I just downloaded two apps from iTunes, and one of them has been flagged by ClamXav as being a virus:

-Quotes for Cards (for Instagram)

 

2012-07-24 10:19:21 /Users/{me}/Music/iTunes/Mobile Applications/Downloads/Instaquotes-Quotes Cards For Instagram.tmp/Info.plist: OK

2012-07-24 10:19:22 /Users/{me}/Music/iTunes/Mobile Applications/Downloads/Instaquotes-Quotes Cards For Instagram.tmp/download.app: Worm.VB-900 FOUND

2012-07-24 10:19:24 /Users/{me}/Music/iTunes/Mobile Applications/Instaqoutes 1.0.ipa: Worm.VB-900 FOUND

 

I let ClamXav move it to the trash, but what else can/should be done?  How can I verify whether this is actually a virus?  A search for information on the app turned up very little, and nothing at all with reference to a possible virus or malware.

Screen shot 2012-07-24 at 10.19.42 AM.png

MacBook Pro i7 15, Mac OS X (10.6.7)
  • thomas_r. Level 7 Level 7 (26,970 points)
    Currently Being Moderated
    Jul 24, 2012 8:08 AM (in response to deesto)

    That is a Windows virus, and cannot affect your Mac.  Removing it is all that is necessary.

     

    Even though this cannot affect Mac OS X, inclusion of malware in an App Store app is still a very serious issue!  I have downloaded it and see the same problem here.  I'm not actually sure where to report such a problem, but I'm going to look into that.

  • MarkAllan Level 1 Level 1 (10 points)
    Currently Being Moderated
    Jul 24, 2012 8:24 AM (in response to deesto)

    It seems entirely likely that it's a false positive, but best to flag it up anyway.  Apple needs to check the archive and someone needs to submit it to ClamAV as a false positive.  Not sure who's best to do that as I suspect sharing an app downloaded from the AppStore is verboten.

  • MarkAllan Level 1 Level 1 (10 points)
    Currently Being Moderated
    Jul 24, 2012 8:38 AM (in response to MarkAllan)

    Looks like I spoke too soon.  It appears like it may not be a false positive afterall.  Letting ClamXav delete the app was the right thing to do.  We also need to flag this up to Apple somehow.

  • etresoft Level 7 Level 7 (23,905 points)
    Currently Being Moderated
    Jul 24, 2012 10:49 AM (in response to deesto)

    It is nothing to worry about. Considering where this virus is located, it wouldn't even hurt a Windows machine. It looks like an accident from the developer's infected Windows machine.

  • etresoft Level 7 Level 7 (23,905 points)
    Currently Being Moderated
    Jul 24, 2012 11:17 AM (in response to deesto)

    The best thing to do would be to send an e-mail to the developers so they can upload a new binary.

  • thomas_r. Level 7 Level 7 (26,970 points)
    Currently Being Moderated
    Jul 24, 2012 12:16 PM (in response to deesto)

    I'm still unclear as to whether it's possible to push a notification upstream in order to let Apple (and others) know this app is infected, whether intentionally or not.

     

    I have e-mailed an address at Apple that was given to me by one of my colleagues in the security industry.  I have also posted a note on the developer's Facebook page (which appears to be the only way to get in touch with them) and added a review of the app detailing the problem to the iOS App Store.

     

    As much as I agree with etresoft that this can't hurt you, and that it wouldn't even hurt a Windows user, it is troubling.  This was probably accidental, but we can't rule out the possibility that it was a probe to see whether Apple screens iOS apps for malware that can affect other systems.  Why anyone would be interested in doing that, I don't know, but I learned a long time ago that just because I don't see the reason doesn't mean there isn't one!  In any case, though, we've just learned something interesting about Apple's screening process.

  • Topher Kessler Level 6 Level 6 (9,305 points)
    Currently Being Moderated
    Jul 24, 2012 12:59 PM (in response to deesto)

    Apple has removed the app from the iOS app store. The page for it is no longer available. Whether Apple will have the developer correct the problem and resubmit it or other action has been taken (suspension, etc.), is unknown at this point, but at least it's been dealt with.

  • Appsstand Level 1 Level 1 (0 points)
    Currently Being Moderated
    Jul 24, 2012 4:55 PM (in response to deesto)

    Thank you For Emailing is us about the Infected app , We are Now working with apple To Push the Updated app the the appstore . Thanks

  • Andreas77 Level 1 Level 1 (0 points)
    Currently Being Moderated
    Jul 30, 2012 7:36 PM (in response to deesto)

    for what reason I could not buy from my iTunes :i have this problem

     

    I have apple acount for AppStore with ClickandBuy but can not buy anything programs ...

    this presented in my iTunes:

     

    i'm from GERMANY

    https://discussions.apple.com/servlet/JiveServlet/downloadImage/2-19061887-138891/untitled.bmp

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.