First Sightings of Malicious iPhone Package
Reports started appearing on Saturday regarding the existence of malicious packages for the Apple iPhone. A package called "iPhone firmware 1.1.3 prep", which was described as “An important system update. Install this before updating to the new 1.1.3 firmware.” was reportedly causing problems for iPhone users once uninstalled.
According to various reports, installing the package doesn't have much effect on the iPhone. However, uninstalling it may cause problems, as the malicious package overwrites some other applications during the install. Some of the applications it overwrites are "Erica's Utilities" (a collection of command-line utilities for the iPhone) and OpenSSH. If the user chooses to uninstall the bogus package, these applications will also be removed. Affected users will need to reinstall these applications.
This is technically the first Trojan horse seen for the iPhone, however it does appear to be more of a prank than an actual threat. The impact of uninstalling the "Trojan" would appear to be an unintended side effect. The risk to users is minimal as they would have to choose to install the bogus package and the site which was hosting it has now been taken offline. Nevertheless, iPhone users should exercise caution regarding the packages they choose to install on their phones.