iPhone Trojan discovered in the wild

Summary: The first iPhone Trojan has been seen in the wild, according to security vendors.


The first warnings about the Trojan were posted on Saturday on the iPhone modification forum ModMyiFone.com, said security vendor F-Secure. When installed, the Trojan appeared to do nothing more than display the word "shoes", according to the ModMyiFone post.

However, when a user attempted to uninstall the malicious code, the application wiped files from the /bin directory, breaking "Erica's Utilities" such as sendfile. Erica's Utilities are a collection of command-line utilities for the iPhone, according to security vendor Symantec, which warned on Monday that the Trojan also overwrites OpenSSH, an open-source encryption protocol. The Trojan, known as "iPhone firmware 1.1.3 prep", or "113 prep", is the first to be seen in the wild, according to Symantec researcher Orla Cox.

"This is technically the first Trojan horse seen for the iPhone; however, it does appear to be more of a prank than an actual threat," Cox wrote in a blog post. "The impact of uninstalling the 'Trojan' would appear to be an unintended side effect."

Affected users need to uninstall the Trojan and reinstall affected files, according to Symantec. The risk to users is minimal, as they would have to choose to install the bogus package, and the site that was hosting it has now been taken offline, wrote Cox.

Both Symantec and F-Secure warned that users should be cautious when installing third-party iPhone applications. Apple warned in September last year that its own updates could break unlocked iPhones running unofficial iPhone software.

Tom Espiner

  • Vulnerable iPhones only hijacked ones?

    From what I can tell, your article seems to be speaking to iPhones that have been hacked. Is that correct? If so, you can't expect anything less than a compromised situation. If you're running the legit 2.0 iPhone software and using only applications from the App Store, I wouldn't imagine needing any kind of malware protection as Apple has to approve the apps on the site. ModMyiFone.com - that says it all, doesn't it?
  • Reply to above

    Yes, that article is addressing hacked iPhones, but I assume you have a legit 2.0? If so, you don't have to be an ass about it.