This iOS malware buys Apple applications for you, whether you want it or not

Researchers from paloaltonetworks.com and the WeiPhone Technical Group have found an iOS malware sample that affects jailbroken iPhone devices. The malware has been dubbed “AppBuyer”.

The malware is set up to steal the Apple ID credentials. Once it has stolen the credentials, it buys specific Apple applications. The creators behind the malware are using the Apple environment to earn serious money.

First the hackers infect the device. Once the device has been hacked, it uploads the Apple ID credentials. Once the hacker obtains the credentials, the hacker will be able to buy specific applications, which might generate solid revenue for the hacker.

Domains used by the iOS AppBuyer malware

Domain IP
www.jb-app.com 223.6.250.229

Antivirus analyses of the malicious AppBuyer domain

Antivirus Result
CLEAN MX Clean Site
MalwarePatrol Clean Site
ZDB Zeus Clean Site
Netcraft Unrated Site
K7AntiVirus Clean Site
Quttera Clean Site
AegisLab WebGuard Clean Site
MalwareDomainList Clean Site
ZeusTracker Clean Site
zvelo Clean Site
Google Safebrowsing Clean Site
Kaspersky Unrated Site
BitDefender Clean Site
Opera Clean Site
VX Vault Clean Site
G-Data Clean Site
C-SIRT Clean Site
CyberCrime Clean Site
Websense ThreatSeeker Clean Site
AutoShun Unrated Site
Webutation Clean Site
Dr_Web Malicious Site
ADMINUSLabs Clean Site
Malwarebytes hpHosts Clean Site
Wepawet Unrated Site
AlienVault Clean Site
Emsisoft Clean Site
Malc0de Database Clean Site
SpyEyeTracker Clean Site
Phishtank Clean Site
Malwared Clean Site
Avira Clean Site
StopBadware Unrated Site
Antiy-AVL Clean Site
malwares_com URL checker Clean Site
Comodo Site Inspector Clean Site
Malekal Clean Site
ESET Clean Site
Sophos Unrated Site
Yandex Safebrowsing Clean Site
SecureBrain Clean Site
Malware Domain Blocklist Clean Site
ZCloudsec Clean Site
PalevoTracker Clean Site
CRDF Clean Site
ThreatHive Clean Site
ParetoLogic Clean Site
Tencent Clean Site
URLQuery Unrated Site
Sucuri SiteCheck Clean Site
Fortinet Unrated Site
SCUMWARE_org Clean Site