Malicious repos

[wraggster]

via pdroms

We have found this interesting report from Ste, about a malicious repo for the iPhone. The issues are already solved, but by posting these lines here, we want to open your eyes, that even the iPhone can be affected by kiddies and so called hackers.

Read on:

The repository "Silver Repo", with a maintainer of "Mikey", a category of "Cool" and a URL of "jmwiki.com/repo" is malicious. Remove this Source from Installer as fast as you can.

Note: the problem app was originally found by an IRC user named "DeathHobbit". Another IRC user, named "Francis", figured out what Source that app came from and the original warning to the public was posted on the "ModMyiFone" forums. My thanks to all involved!

He has several malicious apps:

One is called "Important UPDATE", with a description of "An important system update.". It's not clear, from looking at the plist file, if it will show up in the "System" category or the "UPDATES" category.

Another is called "iPhone firmware 1.1.3 prep", with a description of "An important system update. Install this before updating to the new 1.1.3 firmware." As with the other, it's not clear, from looking at the plist file, if it will show up in the "System" category or the "UPDATES" category.

Both of these packages are BOGUS. What they do is download the zip file of Erica's Utilities, version 0.53, from one of *my* mirrors. It then installs it. If you uninstall his package, it will uninstall the files it installed. What this means is that if you had Erica's Utilities installed already, it will overwrite them, during installation and uninstall them during uninstallation, but Installer will think the Erica's Utilites are still installed - but it's files will have been ripped out from under it. Any other app that uses any of the files in her package will break too. If you didn't have Erica's Utilites installed, then installing and removing either of these packages will do no harm.

He has a third package called "Jo Mama", with a description of "Potatoes are burning to the ground", in the "JMCO Apps" category, that installs/uninstalls an old version of my OpenSSH app. This will conflict with any other ssh app you have installed. The zip file, in this case, comes from Nullriver’s site, where they once briefly hosted it for me.

The plist files for all three of these apps are lifted directly from me, with the name, description and category changed.

I've looked up the owner of the domain and called and left a message for him.

More, as I get it.

UPDATE: New information suggests this might be the prank of an 11 year old boy, heh.

UPDATE: Yes, it was a kid, I've spoken to his dad and the site will be coming down. End of story.

-stehttp://blog.psmxy.org/2008/01/05/warning-malicious-repo/

[Man]

Lol an 11 year old. good thing i havent been to the repos in like a couple of days