f5-nz logo
Story image

New iPhone malware steals online banking credentials

24 Nov 2009

A new piece of malware based on the recent Ikee worm has the ability to steal online banking credentials from jailbroken iPhones.

The new malware – known as ‘Duh’ – is said to be based on the Ikee worm spread recently by a young Australian hacker. However, the characteristics of ‘Duh’ are much more malicious.

“It is much more serious than Ikee because it is not limited to infecting iPhone users in Australia, and communicates with an internet ‘control and command’ centre, downloading new instructions and effectively turning your iPhone into part of a botnet,” said Sophos senior technology consultant Graham Cluley.

Chester Wisniewski of Sophos suggested that users either restore their phones to the Apple-supplied firmware or consider purchasing a different phone if they didn’t want to limit themselves to officially sanctioned applications.“If you want freedom of application choice, perhaps you should consider an Android-based phone rather than hacking your device into a potentially insecure state,” wrote Wisniewski in a blog post on the Sophos website.