Researchers Uncover iPhone Pharming Attacks

By Matthew Hines  |  Posted 2008-09-25 Print this article Print

Researchers at Panda Security's PandaLabs have discovered a set of malware-ridden pharming attacks that aim to lure in users by offering video clips of Apple's popular iPhone mobile handset.

Panda reported Sept. 24 that it found the iPhone-themed campaign circulating the Banker.LKCTrojan attack, a malware program designed to lift users' personal information once it is installed.

Earlier in September attackers unleashed another iPhone-themed attack through which they attempted to trick users into downloading a Trojan that was disguised as a game for iPhone handsets.

"The aim of these pharming attacks is to steal confidential user information; the malicious payload of the Trojan can result in users being redirected to fraudulent Web pages when they try to access their online bank," Panda Security said in an advisory. "Victims of this attack could find that their bank details end up in the hands of cyber-crooks."

Pharming attacks involve the manipulation of DNS (Domain Name Server) information via the configuration of TCP/IP or a host file so that when a user attempts to access a hacked Web page, the user is redirected to a different IP address.

In the iPhone pharming campaign, the Banker.LKCTrojan is responsible for modifying the DNS and opens a browser window displaying a URL selling iPhones.

"When users view this page, the Trojan modifies the host's file redirecting URLs of banks and other companies to a false Web page," Panda reported. "This way, users trying to access these banks by typing in the address or accessing them from an Internet search will be redirected to the spoof page. Here they will be asked for confidential details (account number, transaction password, etc.) which will be falling straight into the hands of cyber-crooks."

According to the company, the manipulation of the host's file doesn't produce any other suspicious effect on a computer, making it even harder to detect.

"Cyber-crooks are obviously aiming to use the information they gather to empty users' accounts," warned Luis Corrons, technical director of PandaLabs. "The iPhone is used in this case as bait to attract users into running the file containing malicious code."

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel