Skip the navigation

Hackers target iPad owners with bogus update

Dupe Windows users into downloading backdoor Trojan; Mac owners not at risk

April 26, 2010 03:45 PM ET

Computerworld - Hackers are targeting iPad users with bogus update messages that dupe them into downloading malicious code onto their Windows PCs, a security researcher said today.

The messages claim that a recent update to iTunes has been released for the iPad, according to Romanian security company BitDefender. "It is very important to keep the software on your iPad updated for best performance, newer features and security," the message reads. "To get the latest version of iTunes software, please go to ... and install the application."

The link in the message leads to a copycat of the legitimate iTunes download site, where users are asked to approve the download of a file dubbed "itunessetup.exe."

The file masquerading as the iTunes update is actually a Trojan horse that injects code into Windows' "explorer.exe" process and opens a backdoor for hackers, who then use that entrance to add more malware to the PC. The "Backdoor.Bifrose.AADY" Trojan also tries to snatch activation keys from various programs on the hacked machine and steals passwords for instant messaging clients and e-mail accounts.

Apple last refreshed the Windows and Mac software on March 30, when it updated iTunes to version 9.1; it has yet to release an update for the iPad.

"The trick is pretty simple," said Catalin Cosoi, senior antivirus and malware researcher for BitDefender. "When you have the iPad you do expect to receive messages, maybe not e-mail, but messages of some sort [from Apple] that 'We have finished an update, you have to get this update,'" Cosoi added. "They're clever to do it this way."

But because Mac users are not vulnerable to the attack, even if they head to the bogus iTunes download site, the impact of the malware-planting campaign will likely be low, Cosoi said. "If they were able to target Mac customers, it would have spread like wildfire, but because most antivirus companies detect this [Trojan], it's aimed at Windows users who have bought an iPad and who also don't run a security product."

Cosoi was unable to quantify the extent of the spam campaign, but speculated that if it mimicked others, it would be large and of short duration to trick as many people in the relatively small pool of possible victims as possible before the news got out.

Previously, Apple said it had sold more than half a million iPads in the first week of availability, although that number included all pre-orders of the WiFi-only models, which were delivered to customers April 3. However, other estimates, including one by Chitika Research, now put iPad sales above the 1 million mark.



Our Commenting Policies
Consumerization of IT: Get the latest
consumer tech

Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!