Consumer Affairs Victoria says App Store contains malware
Consumer advisory on hacked iTunes accounts may go a little too far
Consumer Affairs Victoria has claimed Apple's App Store houses "counterfeit or 'cloned' apps" that "look like real apps but don't have the same kind of security as those made by established software programmers" and "can expose personal data to malware or predatory, virus-like software which can be used to steal personal information."
The agency makes that claim in a consumer advisory to Apple customers, urging them to change their passwords given increasing levels of ID fraud in the App Store. Such incidents see criminals obtain users' passwords, then run up large bills on iTunes and in the App Store.
Consumer Affairs Victoria has flagged its concern about such incidents of fraud following queries from irate customers whose accounts have been compromised, resulting in large bills for content and apps. The agency says it is aware that criminals are selling Apple IDs for as little as AUD$33, and that such sales are the source of the fraud. It therefore recommends Apple customers change their passwords frequently, and steer clear of apps with few reviews. It also quotes Apple as saying customers should contact their financial institution to sort things out, seeing as the fraudulent purchases land on punters' credit cards.
The consumer advocate then makes the claim that predatory software lurks in the App Store, a statement that is at odds with Apple's assurances of a tough vetting process which excludes apps that send personal data to murky destinations.
We've therefore asked Consumer Affairs Victoria just what it means by "counterfeit or 'cloned' apps". A spokesperson has already told us she feels the passage about counterfeit apps may not be particularly well-written. We'll let you know once she clarifies if the passage needs further clarification. ®
"The consumer advocate then makes the claim that predatory software lurks in the App Store" 
It's possible, of course. A clever malware author can probably slip a malicious application past Apple's screening, with enough work.
But until someone actually produces an example, I will tend to suspect that the iTunes IDs are being obtained in other ways. I generally receive one to two emails a month claiming to be from Apple and announcing that my iTunes account has been locked pending me clicking on a dodgy link to "confirm my identity." It's certainly plausible that the examples of compromised iTunes accounts are more down to this and other plain-Jane, garden-variety phishing than to a hypothetical malicious app in the app store.
Like I said, it's possible that some malicious app exists out there...but claims like this require some sort of evidence if they're to be taken seriously.
Hearsay.. that's all
There's a lot of speculation in that Consumer Affairs Victoria report, but zero proof that these so-called "cloned / counterfeit Apps" do actually exist.
As Franklin stated, there are emails doing rounds claiming to be from iTunes asking you to reset your iTunes account password. Anyone with half a brain wouldn't reply to these, but some people do, thus providing the sharks with valid iTunes login credentials that "could" be sold on or more than likely used to purchase wares and Apps from the iTunes Store.
Most tech-savvy consumers would take this CAV warning with a pinch of salt; however, the paranoid among society would avoid iTunes App Store like a plague and echo the warning to people they know.
Why go to the trouble of trying to get malware into the App Store and sandboxed devices when iTunes is a much larger and easier target?
Hundreds of viruses, trojans and key loggers are readily available, particularly for older Windows platforms like XP where people may have outdated anti-virus and no anti-trojan software.
Apple has also been increasing security in iTunes recently, presumably due to increased fraud.