A fake software upgrade may have infected an iPhone near you with the first known Trojan that targets the popular mobile phone. The Trojan appears to be timed to rumors that claim new features in an upcoming iPhone firmware upgrade. A number of news sites and blogs cited a report published by CNET France that claimed an imminent iPhone update would feature a disk mode, which would allow the iPhone to be used as a portable flash drive and voice recorder.
“This Trojan claims to be a tool used to prepare the device for an upgrade to firmware version 1.1.3,” the US-CERT advisory said. “When a user installs the Trojan, other application components are altered. If the Trojan is uninstalled, the affected applications may also be removed.”
It isn’t unusual for malware authors to write their programs with a current events touch. The Storm worm initially spread through an e-mail message that talked about a recent January 2007 winter storm. With the Consumer Electronics show this week and the Macworld Conference & Expo next week, a Trojan is more likely to fool more people because new innovations are expected to be released to the public.
Symantec identified the Trojan as “iPhone firmware 1.1.3 prep.” Symantec security researcher Orla Cox thinks that installing the software doesn’t appear to have much of an effect on the iPhone, but warns that uninstalling it could overwrite other iPhone applications.
“This is technically the first Trojan horse seen for the iPhone, however it does appear to be more of a prank than an actual threat,” said Cox. “The impact of uninstalling the ‘Trojan’ would appear to be an unintended side effect. The risk to users is minimal as they would have to choose to install the bogus package and the site which was hosting it has now been taken offline. Nevertheless, iPhone users should exercise caution regarding the packages they choose to install on their phones.”