Malicious iPhone app triggers malware surge
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
The number of emails with malicious attachments has increased eightfold, according to security firm Sophos, with a malicious iPhone application a major contributor
A malicious trojan disguised as an iPhone application has contributed to an eightfold rise in the number of emails sent with malicious attachments over the past quarter, according to security firm Sophos.
One in every 416 emails sent between July and September had an attachment designed to infect the recipient’s PC, compared with one in 3,333 emails in the previous quarter. One of the worst attacks involved the Agent-HNY trojan, which was disguised as a game for the iPhone called Penguin Panic .
Actual mobile malware is mostly limited to proof-of-concept programs, because of careful monitoring of third-party developers by mobile manufacturers such as Apple and Blackberry maker Research In Motion. But the iPhone trojan identified by Sophos takes advantage of the popularity of the device to spread itself.
The rise in malicious email attachments needs to be seen in context. Over the past few years, the number of malicious attachments sent has declined significantly in favour of links to malicious websites – often spoofed versions of legitimate sites such as YouTube that attack unpatched browser vulnerabilities or trick users into installing malware.
“Too many people are clicking without thinking – exposing themselves to hackers who are hell-bent on gaining access to confidential information and raiding bank accounts,” said Sophos technology consultant Graham Cluely.
“When a spam email appears to come from a trusted source, too many users are fooled and end up clicking through to a malicious webpage,” he said. “The naivety shown by many internet users is downright dangerous.”
Further reading
Mobile insecurity
Is the new wave of Internet-connected mobile devices carving out a gaping hole in enterprise security?
The threat agenda
Information Age’s Enterprise Security 08 conference saw delegates tackle the evolving threats to IT security
Find more stories in the Security & Continuity Briefing Room
