Lightning strikes again: iPhone malware gets truly malicious

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

iPhone lightning
Two weeks ago I reported on Ikee, the world’s first iPhone worm which was spreading between jailbroken devices in Australia, replacing wallpaper with an image of Rick Astley.

As Chet reports on his blog, this weekend has seen the discovery of a new example of iPhone malware in the shape of a worm (dubbed “Duh” after a section of its code) that is reported to be much more malicious in intent than Ikee.

The new worm is similar to the original Ikee worm (and the recently discovered iPhone hacking tool) in so much as it only infects jailbroken iPhones, where users have installed OpenSSH and not changed the default password (“alpine”).

However, it is much more serious than the original Ikee worm because it is not limited to infecting iPhone users in Australia, and communicates with an internet Control & Command centre, downloading new instructions – effectively turning your iPhone into part of a botnet.

Sign up to our free newsletter.
Security news, advice, and tips.

Furthermore, it appears to be designed to steal information from users of online banking services. Indeed, the BBC is reporting that ING Direct is briefing its call centres so workers can provide advice about the worm to Dutch customers.

Two weeks is all it took for a jokey Rick Astley worm to be adapted into something which creates a criminal botnet and apparently designed to steal money from innocent users.

Some may have thought that the Ikee iPhone worm was a one-off. Some people might have imagined that lightning wouldn’t strike iPhones more than once – but they were wrong. And one thing is certain – you can be sure that if hackers find they can make money out of poorly-secured jailbroken iPhones, they will continue to attack them.

So the (rhetorical) question for Clu-blog readers is this – do you still feel the author of the original Ikee worm did iPhone users a favour? After all, it was him who released the source code of the Ikee worm, and gave the authors of this latest financially-motivated variant the template for infection.

We’ll publish more information about this latest example of iPhone malware as it becomes available. In the meantime, if you have a jailbroken iPhone it might make sense to ensure that you have changed the default password.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.