Malicious Code in iOS App, Most Likely Injected during Windows OS Infection

[Viktor 669]

Today, an iOS user noticed that the $2 game Simply Find It developed by Simply Game is detected as potentially malicious by Bitdefender Virus Scanner.

More specifically, the infected object – a MP3 file that ships along with the game, was detected as Trojan.JS.iframe.BKD, a specialized detection that deals with iFrames loading malicious content from compromised websites.

A closer look on the MP3 file reveals that it contains an iFrame loading content from a website based in China (x.asom.cn), a known source for malware flagged accordingly by both browsers and antivirus solutions. We dug deeper into the issue, because infected MP3 files are rarely found in the wild and are highly particular to specific exploitation mechanisms.

We discovered that this particular iFrame has been injected by a number of families of malware designed for Windows, families which attempt to infect HTM or HTML files and load malicious code within these files. Sometimes, because of improper file type validations, these families of malware accidentally infect MP3 files. While the code itself is malicious placed in the right context (i.e. in a HTML document), it has no side effect when injected into the wrong file.

There is no known mechanism to date to exploit this behavior on users’ machines, and the file definitely does not pose any threat to the iOS uses. Most likely, the file came from an infected computer, where it has been inadvertently infected, and then was included in the final product – the game itself.

Источник