iPhone bankers bitten by worm

Another iPhone worm has stuck its head out of an Apple security hole. The new worm targets jailbroken phones being used by internet customers of Dutch bank Ing Direct and redirects them to a lookalike login screen in order to steal their passwords. The bank has posted a warning to users on its website.

The worm is the first malicious infestation to hit the iPhone, the first merely displaying a picture of 1980’s crooner Rick Astley – although music lovers might claim that was pretty malicious as well.

The new worm can also recruit iPhones to a botnet and can jump from one phone to others using the same wi-fi hotspot, says security outfit F-Secure.

“It’s the second iPhone worm ever and the first that’s clearly malicious – there’s a clear financial motive behind it,” says F-Secure research director Mikko Hyponen.

“It’s fairly isolated and specific to Netherlands but it is capable of spreading.”

Owners of jailbroken iPhones are recommended to change their SSH password from the default ‘Alpine’ in order to block the worm.

F-Secure has posted details of the worm, which phones home to a site in Lithuania, on its blog here.