Two security threats, one related to each of Apple’s operating systems, have been unearthed today. Neither is worth immediately panicking over, however.
Malware in third-party App Store app:
CNET has highlighted that the iTunes App Store third-party app Instaquotes Quotes Cards for Instagram includes malware. The specific form is known as Worm.VB-900, and when CNET installed the worm onto a PC, it was immediately identified as malware and removed from the PC. The application’s file system includes two executables with the malware:
We recommend staying clear of this App Store app, and hopefully Apple will remove it from the App Store as soon as possible.
Update: The creators of the Instaquotes app have provided us with the following statement. The app has also been removed from the App Store:
Dear 9to5mac,
We want to let all our users that we are working to solve this problem as soon as possible, with a new update. We want also to clear that we have developed this application by a freelancer developer, so we are investigating this issue with the developer to solve this problem as soon as possible.
Low-risk Trojan called “Crisis” discovered for OS X:
Mac security blog Intego has highlighted a new OS X trojan called Crisis. The report calls the trojan low-risk at this time:
This threat has not yet been found in the wild; no indication has been found that this Trojan has infected users. As such it’s considered a low risk at this time. Intego VirusBarrier X6 detects and removes this malware using today’s definitions: version 20120724-2. It detects the dropper component as OSX/Crisis, and the backdoor component as Backdoor:OSX/Crisis. It will also block connections with the IP address the backdoor component seeks to connect with.
The threat is only for OS X Snow Leopard and Lion machines, as the report explains:
Intego has discovered a new Trojan, called OSX/Crisis. This threat works only in OSX versions 10.6 and 10.7 – Snow Leopard and Lion. It installs without need of any user interaction; no password is required for it to run. The Trojan preserves itself against reboots, so it will continue to run until it’s removed. Depending on whether or not the dropper runs on a user account with root permissions, it will install different components. As we have not yet seen if or how this threat is installed on a user’s system, it may be that an installer component would try to establish root permissions.
It seems, again, that neither of the above security breaches is anything to panic about, so just take this as helpful information for guarding against a possible future issue.