{"id":14113,"date":"2013-05-03T10:21:12","date_gmt":"2013-05-03T17:21:12","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=14113"},"modified":"2020-05-04T23:47:45","modified_gmt":"2020-05-05T06:47:45","slug":"flagged-ios-app-not-cause-for-concern","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/","title":{"rendered":"Flagged iOS App Not Cause For Concern"},"content":{"rendered":"<p>It&#8217;s been reported that one <a href=\"http:\/\/www.macworld.com\/article\/2037099\/ios-app-contains-potential-malware.html\" target=\"_blank\" rel=\"noopener noreferrer\">AV product is detecting a product on the App Store<\/a> as Trojan.JS.iframe.BKD. To the trained eye, this detection name can tell us something about the nature of the detection, which is fairly important before we go any further.<\/p>\n<ul>\n<li><strong>Trojan<\/strong><br \/>\nThe first part of the detection name tells us that this is a Trojan, not a virus. So that&#8217;s good news &#8211; the detection is not saying that this is something that will try to spread on its own.<\/li>\n<li><strong>JS.iframe<\/strong><br \/>\nThe next part means that this detection is for a JavaScript iframe. An iframe is a way of embedding an object in a web page, frequently directing the visitor to another site. Looking at the file, this is an accurate description, if not necessarily helpful. Sometimes an iframe can be benign, sometimes it can be malicious. The use of an iframe is not in and of itself harmful.<\/li>\n<li><strong>BKD<br \/>\n<\/strong>This is what&#8217;s referred to as the variant name. <a href=\"https:\/\/www.intego.com\/mac-security-blog\/how-does-malware-naming-work\/\">You may recall<\/a> that this starts with the first variant named A and goes to Z, then starts again at AA and goes to ZZ, repeat ad nauseum. Let&#8217;s just say this is a very, very late variant, as my head starts spinning when we get past ZZ (which is something like 676, if my math is not totally off). Suffice it to say, this is a very, very common technique used by malware authors, usually for drive-by downloads.<\/li>\n<\/ul>\n<p>Here&#8217;s the thing about this kind of detection &#8211; it can be really tricky, since the iframe codes can be very, very small. If a researcher get just a little too generic with such a detection, it can set off false alarms or just overly-paranoid alarms. And sometimes, as a researcher, you can get samples of things that are incomplete, which can give you a different view of something that is relatively innocuous (or at least not really cause for alarm). It seems that probably one of these situations is at play here. This <a href=\"http:\/\/www.imore.com\/ios-app-flagged-malware-and-why-you-shouldnt-worry-about-it\">iMore article<\/a> gives a more thorough analysis of the site that is the destination of the iframe, and it&#8217;s been shut down for several years.<\/p>\n<p>I&#8217;m not giving the app a pass, as including an invisible iframe to a site that doesn&#8217;t <em>currently<\/em> have any content is just weird. At best, it&#8217;s evidence of poor coding practices. But it&#8217;s not cause for panic or freaking out about the App Store vetting process either. I think we can all stay calm and have a nice, relaxing weekend.<\/p>\n<p><span style=\"font-size: x-small;\"><em>Simply Find It screenshots <a href=\"https:\/\/itunes.apple.com\/us\/app\/simply-find-it\/id434167676?mt=8\">courtesy of the App Store<\/a><\/em><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s been reported that one AV product is detecting a product on the App Store as Trojan.JS.iframe.BKD. To the trained eye, this detection name can tell us something about the nature of the detection, which is fairly important before we go any further. Trojan The first part of the detection name tells us that this [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":12267,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190],"tags":[317,3151,389,69],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"It&#039;s been reported that one AV product is detecting a product on the App Store as Trojan.JS.iframe.BKD. To the trained eye, this detection name can tell\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Flagged iOS App Not Cause For Concern - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"It&#039;s been reported that one AV product is detecting a product on the App Store as Trojan.JS.iframe.BKD. To the trained eye, this detection name can tell\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2013-05-03T17:21:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-05-05T06:47:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/03\/app-store.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"500\" \/>\n\t<meta property=\"og:image:height\" content=\"300\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lysa Myers\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/03\/app-store.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/03\/app-store.jpg\",\"width\":\"500\",\"height\":\"300\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/\",\"name\":\"Flagged iOS App Not Cause For Concern - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#primaryimage\"},\"datePublished\":\"2013-05-03T17:21:12+00:00\",\"dateModified\":\"2020-05-05T06:47:45+00:00\",\"description\":\"It's been reported that one AV product is detecting a product on the App Store as Trojan.JS.iframe.BKD. To the trained eye, this detection name can tell\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Flagged iOS App Not Cause For Concern\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a\"},\"headline\":\"Flagged iOS App Not Cause For Concern\",\"datePublished\":\"2013-05-03T17:21:12+00:00\",\"dateModified\":\"2020-05-05T06:47:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#webpage\"},\"wordCount\":440,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/03\/app-store.jpg\",\"keywords\":[\"App Store\",\"Apple\",\"Apps\",\"iOS\"],\"articleSection\":[\"Malware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a\",\"name\":\"Lysa Myers\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g\",\"caption\":\"Lysa Myers\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"It's been reported that one AV product is detecting a product on the App Store as Trojan.JS.iframe.BKD. To the trained eye, this detection name can tell","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/","og_locale":"en_US","og_type":"article","og_title":"Flagged iOS App Not Cause For Concern - The Mac Security Blog","og_description":"It's been reported that one AV product is detecting a product on the App Store as Trojan.JS.iframe.BKD. To the trained eye, this detection name can tell","og_url":"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/","og_site_name":"The Mac Security Blog","article_published_time":"2013-05-03T17:21:12+00:00","article_modified_time":"2020-05-05T06:47:45+00:00","og_image":[{"width":"500","height":"300","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/03\/app-store.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Lysa Myers","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/03\/app-store.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/03\/app-store.jpg","width":"500","height":"300"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/","name":"Flagged iOS App Not Cause For Concern - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#primaryimage"},"datePublished":"2013-05-03T17:21:12+00:00","dateModified":"2020-05-05T06:47:45+00:00","description":"It's been reported that one AV product is detecting a product on the App Store as Trojan.JS.iframe.BKD. To the trained eye, this detection name can tell","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Flagged iOS App Not Cause For Concern"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a"},"headline":"Flagged iOS App Not Cause For Concern","datePublished":"2013-05-03T17:21:12+00:00","dateModified":"2020-05-05T06:47:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#webpage"},"wordCount":440,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/03\/app-store.jpg","keywords":["App Store","Apple","Apps","iOS"],"articleSection":["Malware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/flagged-ios-app-not-cause-for-concern\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/12b11624d5a648c576d8dce6f93b230a","name":"Lysa Myers","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/783af524dca7753ceb3cd9a576398a0e?s=96&d=mm&r=g","caption":"Lysa Myers"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/lysam\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2013\/03\/app-store.jpg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-3FD","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/14113"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=14113"}],"version-history":[{"count":10,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/14113\/revisions"}],"predecessor-version":[{"id":91329,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/14113\/revisions\/91329"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/12267"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=14113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=14113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=14113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}