A new iPhone worm affecting jailbroken units is targeting owners who use their device to access Internet banking services from Dutch online bank ING. BBC News reports that the worm was discovered by security company F-Secure, and uses the same SSH vulnerability—specifically, jailbroken iPhones that have had SSH activated without having the default password changed—to redirect the bank’s customers to an unauthorized look-a-like site with a login screen.
According to F-Secure, this new worm is more dangerous than prior threats because it can behave like a botnet, enabling the phone to be accessed or controlled remotely. “It’s the second iPhone worm ever and the first that’s clearly malicious – there’s a clear financial motive behind it,” F-Secure research director Mikko Hypponen told the BBC.
“It’s fairly isolated and specific to Netherlands but it is capable of spreading.” Hypponen added that while the number of infected phones is thought to still be in the hundreds, the worm could potentially jump from phone to phone when multiple vulnerable devices are running on the network, such as at Wi-Fi hotspots. A spokesperson for ING Bank said the company was going to post a warning about the worm on its official website.
