The Register® — Biting the hand that feeds IT


Consumer Affairs Victoria says App Store contains malware

Consumer advisory on hacked iTunes accounts may go a little too far


Consumer Affairs Victoria has claimed Apple's App Store houses "counterfeit or 'cloned' apps" that "look like real apps but don't have the same kind of security as those made by established software programmers" and "can expose personal data to malware or predatory, virus-like software which can be used to steal personal information."

The agency makes that claim in a consumer advisory to Apple customers, urging them to change their passwords given increasing levels of ID fraud in the App Store. Such incidents see criminals obtain users' passwords, then run up large bills on iTunes and in the App Store.

Consumer Affairs Victoria has flagged its concern about such incidents of fraud following queries from irate customers whose accounts have been compromised, resulting in large bills for content and apps. The agency says it is aware that criminals are selling Apple IDs for as little as AUD$33, and that such sales are the source of the fraud. It therefore recommends that Apple customers change their passwords frequently, and steer clear of apps with few reviews. It also quotes Apple as saying customers should contact their financial institution to sort things out, seeing as the fraudulent purchases land on punters' credit cards.

The consumer advocate then makes the claim that predatory software lurks in the App Store, a statement that is at odds with Apple's assurances of a tough vetting process which excludes apps that send personal data to murky destinations.

We've therefore asked Consumer Affairs Victoria just what it means by "counterfeit or 'cloned' apps". A spokesperson has already told us she feels the passage about counterfeit apps may not be particularly well-written. We'll let you know once she clarifies if the passage needs further clarification. ®


"The consumer advocate then makes the claim that predatory software lurks in the App Store" [citation needed]

It's possible, of course. A clever malware author can probably slip a malicious application past Apple's screening, with enough work.

But until someone actually produces an example, I will tend to suspect that the iTunes IDs are being obtained in other ways. I generally receive one to two emails a month claiming to be from Apple and announcing that my iTunes account has been locked pending me clicking on a dodgy link to "confirm my identity." It's certainly plausible that the examples of compromised iTunes accounts are more down to this and other plain-Jane, garden-variety phishing than to a hypothetical malicious app in the app store.

Like I said, it's possible that some malicious app exists out there...but claims like this require some sort of evidence if they're to be taken seriously.


Hearsay.. that's all

There's a lot of speculation in that Consumer Affairs Victoria report, but zero proof that these so-called "cloned / counterfeit Apps" do actually exist.

As Franklin stated, there are emails doing the rounds claiming to be from iTunes asking you to reset your iTunes account password. Anyone with half a brain wouldn't reply to these, but some people do, thus providing the sharks with valid iTunes login credentials that "could" be sold on or more than likely used to purchase wares and Apps from the iTunes Store.

Most tech-savvy consumers would take this CAV warning with a pinch of salt; however, the paranoid among society would avoid the iTunes App Store like a plague and echo the warning to people they know.

Anonymous Coward

Why go to the trouble of trying to get malware into the App Store and sandboxed devices when iTunes is a much larger and easier target?

Hundreds of viruses, trojans and key loggers are readily available, particularly for older Windows platforms like XP where people may have outdated anti-viruses and no anti-trojan software.

Apple has also been increasing security in iTunes recently, presumably due to increased fraud.
