IEEE Computer Society Newsfeed


Jekyll Applications Hide Apple Malware

Georgia Institute of Technology researchers have coined a new term for mobile applications that appear harmless but hide exploitable vulnerabilities and malware: Jekyll apps. They created a proof-of-concept Jekyll app and successfully published it to the Apple App Store. The application takes the digitally signed Apple binary code and rearranges it so that it exhibits new, malicious behaviors that remain undetected when the application is reviewed by Apple. “Since the new control flows do not exist during the app review process, such apps,” noted the researchers, “can stay undetected when reviewed and easily obtain Apple’s approval.” They created a news-reading application to test the theory. Once it was in the App Store, the researchers successfully activated the Jekyll attributes on the device and launched remote attacks on a controlled group of devices with the app installed. The attacks were able to execute actions, such as sending texts and forwarding voice calls to other phones, without the user’s knowledge. The app was also able to download additional malware and compromise other software on the device. The researchers said they were able to circumvent each of the major security technologies in iOS. After testing, they removed the application from the App Store, and they report that no other users downloaded the app while it was available. The researchers presented their work at the USENIX Security Symposium. (Computerworld) (The Telegraph) (“Jekyll on iOS: When Benign Apps Become Evil,” Wang, K. Lu, et al. in Proceedings of the 22nd USENIX Security Symposium)