Security firm F-Secure has uncovered the existence of a new iPhone worm, said to be more dangerous than the first because it can act like a botnet. It is targeting people in the Netherlands who are using their iPhones to bank online with ING.
Like the first iPhone worm – called ikee – this one targets jailbroken phones, devices that have been modified so they can run software not authorised by Apple. Users running SSH (secure shell), which enables file transfers between iPhone, but have not changed the default password are particularly at risk.
According to F-Secure the worm acts like a botnet, which means that it can steal data from the phone and be accessed and controlled remotely. Attackers can also change the password on the phone, so users cannot get back in.
“It’s the second iPhone worm ever and the first that’s clearly malicious – there’s a clear financial motive behind it, F-Secure research director Mikko Hypponen told the BBC.
This latest iPhone malware is doubly criminal. Not only does it break into your iPhone without permission, but it also cedes control of your phone to a botnet command server in Lithuania, said Graham Cluley, senior technology consultant at Sophos. That means your iPhone has just been turned into a zombie, ready to download and to perform any commands the cybercriminals might want in the future. If infected, you have to consider all of the data that passes through your iPhone compromised.”