6 Replies Latest reply: May 1, 2013 6:06 AM by Labyrintho
Labyrintho Level 1 (0 points)

Not sure where to ask this, so I will put it here.

When routinely ("download all free updates") updating the iOS app "QuickPlan" from Hao Li to version 1.2, I got a very strange warning and block from my Avast anti-malware software. It said that, when trying to do that one update, iTunes was attempting to download an infected Windows executable, "PlannerHD.exe".

I've no idea why an iOS app update via iTunes would ever download a Windows executable, so I'm a bit concerned by this. No harm to me--it was blocked--but I wonder if malware pushers have found a way to slip stuff in on less-protected users.

Here is a window capture from the Avast web shield log from the two attempts to update this app:

[Attached image: PlannerHD.exe.Putative.Windows.Malware.from.iOS.app.QuickPlan.Update.png]

iTunes for Windows, Windows 7
  • 1. Re: Malware from iOS app "QuickPlan" update?
    ianfromrochford Level 1 (0 points)

    I had exactly the same thing come up. Very odd as iTunes should only be downloading .ipa files for apps. I decided to raise a support case to see what they say.

  • 2. Re: Malware from iOS app "QuickPlan" update?
    Labyrintho Level 1 (0 points)

    Glad you opened a case--I should have done that instead of being lazy and just posting here. Thanks for that, and let me (and others) know here when Apple resolves this, if you would.

  • 3. Re: Malware from iOS app "QuickPlan" update?
    turingtest2 Level 8 (46,550 points)

    Indeed, one to keep a watchful eye on.

    tt2

  • 4. Re: Malware from iOS app "QuickPlan" update?
    Labyrintho Level 1 (0 points)

    Especially given the rash of industrial espionage malware now, though hopefully there's a perfectly innocent "false positive" explanation for this....

    Not sure how apparently downloading "PlannerHD.EXE" unannounced via an iOS app update fits into an innocent explanation, however.

  • 5. Re: Malware from iOS app "QuickPlan" update?
    ianfromrochford Level 1 (0 points)

    So far the only response I have had is a pretty stock one (and I'm sure that 'Don' is an automated email system, not a real person!)

    Thank you for writing to iTunes Store Support. My name is Don, and I'll be looking into your concern today.


    I understand that your Anti-Virus program is detecting a trojan when you download an update for the application "QuickPlan". I can certainly comprehend the seriousness of this matter. Let me see what I can do to help.


    Apple takes the quality of products offered on the iTunes Store very seriously, and will investigate the issue you reported in-depth as well as the vendor being notified. I can't say when or if the vendor will correct the issue.


    Ian, I suggest that you report this to the developer (Hao Li) as well. This will ensure that proper actions are carried out as quickly as possible. You can visit their support site at:


    http://mobilinked.biz/Support/Index.html


    Thank you for your patience as we work to make your experience with the iTunes Store more enjoyable.


    In the meantime, you may wish to look for other applications brought to you by the iTunes Store.


    Please accept my apologies for any inconvenience this has caused. Your patience and understanding are greatly appreciated.


    I wish you all the best and I hope that you continue to enjoy purchasing at the iTunes Store.

  • 6. Re: Malware from iOS app "QuickPlan" update?
    Labyrintho Level 1 (0 points)

    I did early on contact Hao Li and was told that they would contact Avast to straighten out this false positive.

    And yet.... I wish I understood what was going on with this apparent effort to download a Windows executable via an iOS app update to begin with, even before the warning that that executable was infected.

    Given the amount of advertent and inadvertent malware out there, more and more of it in state-sponsored industrial espionage, and given the evidence so far, a great deal of extra caution is warranted, IMHO.