The file presents itself as 'firmware 1.1.3 prep', a utility said to prepare the handset for an upcoming software update.
Malicious activity does not occur when the software is installed; the damage is done when the user attempts to remove the malware. On deletion, the 'prep' file also removes a number of other legitimate files from the iPhone.
Security firm F-Secure credits the administrators of iPhone download site Modmyifone with publicising the attack and tracking down the author.
The administrators of Modmyifone claim that they have contacted the author's parents, and that the site hosting the malicious code has been taken down.
Since the first third-party iPhone applications were released last summer, their regulation has rested largely on the shoulders of the user community.
Apple has washed its hands of the unofficial software, saying that, while it would not take special steps to remove any iPhone hacks, it would not support or take responsibility for damage caused by third-party software.
Although this latest attack has been taken down, security firms are warning iPhone users to be very careful when installing third-party software on the mobile device.
McAfee recommends that iPhone users install only official firmware updates, and the US Computer Emergency Response Team advises users to download files only from trusted websites.
"Hopefully this serves as a warning for those who have opened their iPhones using a security hole in the system and installed unverified software without a second thought," wrote F-Secure chief research officer Mikko Hyppönen.
"This time it was an 11 year-old playing with XML files who created the Trojan. Next time it might be someone with more skills and specific targets."
.jpg&h=140&w=231&c=1&s=0)
iTnews State of Security Breakfast
iTnews State of Data & AI Breakfast
Forrester's AI Forum Sydney
The 2026 iAwards
.jpg&w=120&c=1&s=0)
Integrate 2026
_(1).jpg&h=140&w=231&c=1&s=0)
