A new discovery has been made in the App Store involving third-party app, Instaquotes Quotes Cards for Instagram. The iOS app contains a specific malware worm known as “Worm.VB-900.”

According to CNET, the iOS app has two executable files buried within its file structure:

instaquotes.ipa/Payload/Instaquotes.app/FBDialog.bundle/FBDialog.bundle.exe
instaquotes.ipa/Payload/Instaquotes.app/FBDialog.bundle/images/images.exe

Since the downloaded .ipa file is a package, these executables could be extracted using the package manager Pacifist, and then more accurately scanned. Aftreward, other malware programs like Sophos that initially missed detecting the malware instantly picked it up and described it as “Mal/CoiDung-A,” a worm written in visual basic that installs files within the Windows system directory and then modifies the Windows registry to execute the malware when the system is restarted.

When installed on a PC, the worm was immediately flagged as malware and removed. Since its discovery, the app appears to have been removed from the App Store. If you happened to download the app while it was available, I’d recommend deleting it.

Why does an infectious app have a 4-star rating?

Though the worm is not a threat to iOS or Mac users, it could potentially harm those who manage their iTunes account on Windows. The worm could possibly be extracted from the app and end up infecting an unsuspecting PC user.

Surprisingly, this isn’t the first time an iOS app was deemed a Trojan. Just a few weeks ago an app called Find and Call surfaced that would upload a user’s contacts to a server and send out mass text messages.

Update: The developer of Instaquotes-Quotes Cards for Instagram has released a statement to AppAdvice in regards to the infected app. This is the statement by AppsStand, the English and grammatical errors are theirs:

“Dear Appadvice ,

we want To let All our Users That we are working To Solve This Problem As Soon As Possible , with a New update .
We want also to Clear That we have Developed This Application by a Freelancer Developer , So we are investigating This issue with The Developer To Solve This Problem As Soon As Possible .

Thanks”

Source: CNET
Via: 9to5Mac
Image: PandaApp