Fast food chain KFC has had more than its fair share of Kentucky Fried WHAT? myths busted over the years. However, some of the stories turn out to be genuine such as the breaded and deep fried kidney that was discovered by Ibrahim Langoo in a KFC in Colchester, England recently.

I was therefore intrigued to learn that a worm had been found inside a KFC product. When I spotted that the press release detailing this came from the PR people at Internet security specialists McAfee I kind of started to realise that this was no food story, but rather an IT one. But that doesn't make it any the less disturbing, just disturbing from a different angle.

Yep, the labs team at McAfee have identified a Windows worm residing in each Android device that has installed the ‘KFC WOW@25 Menu’. McAfee insists that although the malware poses no security danger for Android devices, the same application has been proven to be dangerous to other mobile and PC platforms and as such is of concern.

Apparently, the generic 'Malware.og!ats' worm was found to be embedded within an APK file and replicates itself via network shares. Although there is no auto-execution option for the malware itself on a Windows PC, McAfee warns that a user could run the malicious application by opening the APK (in Zip format) and then running the program.

OK, so it's a bit of a stretch that this worm is going to do anyone any harm, unless they take some pretty long-winded and stupid steps to ensure it could. That doesn't excuse the developers of the app for letting it burrow into the code in the first place though. As Fernando Ruiz, a mobile malware researcher with McAfee points out: "When a legitimate Android application contains a malicious file such as this one (for a Windows PC), it is likely this has occurred due to neglect on the part of the developer. This neglect can be as simple as not securing the development environment."

Edited by peter_budo: removed sticky, 4 weeks old

4 Years
Discussion Span
Last Post by peter_budo

in other words KFC used a 3rd party API that came to them loaded with a worm that targets a different operating system than the one for which the API was created?

Brilliant, worthy of the dailyWTF. The creator of the API that is, and likely the one of the worm as well.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.