Seemingly benign “Jekyll” app passes Apple review, then becomes “evil”

Computer scientists say they found a way to sneak malicious programs into Apple's exclusive app store without being detected by the mandatory review process that's supposed to automatically flag such apps.

The researchers from the Georgia Institute of Technology used the technique to create what appeared to be a harmless app that Apple reviewers accepted into the iOS app store. They were later able to update the app to carry out a variety of malicious actions without triggering any security alarms. The app, which the researchers titled "Jekyll," worked by taking the binary code that had already been digitally signed by Apple and rearranging it in a way that gave it new and malicious behaviors.

"Our method allows attackers to reliably hide malicious behavior that would otherwise get their app rejected by the Apple review process," the researchers wrote in a paper titled Jekyll on iOS: When Benign Apps Become Evil. "Once the app passes the review and is installed on an end user's device, it can be instructed to carry out the intended attacks. The key idea is to make the apps remotely exploitable and subsequently introduce malicious control flows by rearranging signed code. Since the new control flows do not exist during the app review process, such apps, namely Jekyll apps, can stay undetected when reviewed and easily obtain Apple’s approval."

Read 4 remaining paragraphs | Comments


Spammers Googly over Ongoing Ashes Series

Contributor: Sujay Kulkarni


The Ashes Test cricket series, one of most popular Test series in cricket, is played between England and Australia. It is played alternately in England and Australia and is the oldest test rivalry between these two sides. Cricket fans are glued to the TV and their online devices to watch this riveting series.

In the current Ashes series England is leading 3-0 and is on the cusp of creating history against Australia—if they beat them hands down in the last test match, which now is a real possibility. However, what is making the rounds is not Scholes, Carrick, or Robin Van Persie, but Captain Cook and his elite squad waiting to steamroll Australia.

This interesting scenario has got scammers smacking their lips. They have come up with a trick to lure you into sending them your personal information over email because your email address has won  "242,500,000 USD in the 2013 ASHES SERIES".

Here is the catch, you have one obligation to fulfill by replying back to the scammer with your "personal details". Well, that would set the ball rolling for the scammer, wouldn't it?

In a typical 419 spam, the scammer mentions in the email that you have won—an award of $50,000 USD for example—and asks you to reply back with your personal details, immediately to claim the money.

Symantec customers should take the following precautionary measures to stay safe:

  • Update operating system patches when prompted
  • Update the antivirus patches regularly
  • Do not open any unsolicited emails when you do not recognize the sender or the subject and avoid clicking on suspicious email attachments
  • When dealing with unsolicited mails avoid sending any personal details, especially to unknown persons

Enjoy the ongoing the Ashes Test cricket series without getting bowled over by any Spammer’s googly.