Researchers at Palo Alto Networks recently uncovered a new family of malware called WireLurker, which targets both Mac OS X computers and Apple iOS mobile devices.
After infecting a Mac OS X computer, the malware can then infect an iOS device by “lurking on the wire” while the device is being synced over USB, hence the name WireLurker.
The malware has been found in 467 OS X applications on China’s third-party Maiyadi App Store. Over the past six months those apps were downloaded more than 356,104 times in total, so the malware may already have affected hundreds of thousands of users.
It’s capable of stealing a variety of data from infected devices, and regularly requests updates from a command and control server. “This malware is under active development and its creator’s ultimate goal is not yet clear,” Palo Alto researcher Claud Xiao wrote in a blog post.
According to the researchers, WireLurker is the first known malware family capable of infecting installed iOS applications in a manner similar to traditional viruses, and the first in-the-wild malware family that can install third-party applications on non-jailbroken iOS devices through enterprise provisioning.
“WireLurker is unlike anything we’ve ever seen in terms of Apple iOS and OS X malware,” Palo Alto intelligence director Ryan Olson said in a statement. “The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms.”
The researchers advise users to take the following steps to mitigate the threat from WireLurker:
- Enterprises should ensure their mobile device traffic is routed through a threat prevention system
- Employ an antivirus or security protection product for the Mac OS X system and keep its signatures up-to-date
- In the OS X System Preferences panel under “Security & Privacy,” set “Allow apps downloaded from” to “Mac App Store” or “Mac App Store and identified developers,” never “Anywhere.” Note that Gatekeeper evaluates an app only when it carries the quarantine attribute that browsers and other downloaders set, so it blocks newly downloaded unsigned apps but does not re-check software already installed
- Do not download and run Mac applications or games from any third-party app store, download site or other untrusted source
- Keep the iOS version on your device up to date
- Do not accept any unknown enterprise provisioning profile unless an authorized, trusted party (e.g. your corporate IT help desk) explicitly instructs you to do so; profiles already installed can be reviewed under Settings > General > Profiles
- Do not pair your iOS device with untrusted or unknown computers or devices
- Avoid powering your iOS device through chargers from untrusted or unknown sources
- Similarly, avoid connecting iOS devices with untrusted or unknown accessories or computers (Mac or PC)
- Do not jailbreak your iOS device; if you do jailbreak it, only use credible Cydia community sources and avoid the use or storage of sensitive personal information on that device
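The two Gatekeeper items in the list above can be checked from a shell rather than by clicking through System Preferences. The script below is an added example written for this article, not code from Palo Alto Networks, Apple or the researchers; it assumes spctl(8) reports status as “assessments enabled” or “assessments disabled”, and that a verbose assessment prints “<path>: accepted” or “<path>: rejected” followed by a “source=” line naming the Gatekeeper rule that matched. The sample assessment lines shown in the comments are constructed, not captured from a real WireLurker sample.

```shell
#!/bin/sh
# Gatekeeper audit for OS X. Added example; not code from Palo Alto Networks,
# Apple or the article. Assumes the spctl(8) output formats described in the
# lead-in; the sample lines in the comments below are constructed.

# gatekeeper_enabled: read the output of `spctl --status` on stdin and
# succeed only if assessments are turned on (i.e. not set to "Anywhere").
gatekeeper_enabled() {
    IFS= read -r status
    [ "$status" = "assessments enabled" ]
}

# classify_assessment: read the output of
#   spctl --assess --type execute --verbose <app>
# on stdin and print one word:
#   OK     - accepted because it is signed by the Mac App Store, a Developer ID
#            certificate, or is part of the system
#   WARN   - accepted, but by some other rule (e.g. a locally added exception)
#   REJECT - Gatekeeper would refuse to launch it (unsigned or revoked signature)
# Constructed input, for example:
#   /Applications/Foo.app: accepted
#   source=Developer ID
classify_assessment() {
    verdict=""
    src=""
    while IFS= read -r line; do
        case "$line" in
            *": accepted") verdict=accepted ;;
            *": rejected") verdict=rejected ;;
            source=*)      src=${line#source=} ;;
        esac
    done
    if [ "$verdict" != "accepted" ]; then
        echo REJECT
        return 0
    fi
    case "$src" in
        "Mac App Store"|"Developer ID"|"Apple System") echo OK ;;
        *) echo WARN ;;
    esac
}

# audit_applications: assess every .app bundle under a directory (default
# /Applications) and print "<verdict><TAB><path>" per app. Requires spctl.
audit_applications() {
    dir=${1:-/Applications}
    for app in "$dir"/*.app; do
        [ -d "$app" ] || continue
        verdict=$(spctl --assess --type execute --verbose "$app" 2>&1 | classify_assessment)
        printf '%s\t%s\n' "$verdict" "$app"
    done
}

# Only run the live audit on a system that actually has spctl (OS X).
if command -v spctl >/dev/null 2>&1; then
    if spctl --status 2>&1 | gatekeeper_enabled; then
        echo "Gatekeeper: enabled"
    else
        echo "Gatekeeper: DISABLED (the 'Anywhere' setting); fix with: sudo spctl --master-enable"
    fi
    # Anything not OK is an app Gatekeeper would block, or allows only by exception.
    audit_applications | grep -v '^OK' || true
fi
```

Run it as an ordinary user; only re-enabling assessments needs sudo. Because `spctl --assess` evaluates the signing rules regardless of whether an app carries the quarantine attribute, this audit is stricter than Gatekeeper’s own launch-time check and will also surface unsigned apps that were installed before the setting was tightened, which is exactly the gap that apps copied from a third-party store fall into.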
Still, Apple told Bloomberg yesterday that users should now be protected from the malware. “We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching,” Apple said in a statement.
“As always, we recommend that users download and install software from trusted sources,” the company added.
Malwarebytes Labs malware intelligence analyst Jovi Umawing told eSecurity Planet by email that WireLurker provides a glimpse of the types of threats iOS users could face in the future. “The popular notion is that Apple products are more secure than Windows because most of the malware we see is Windows-centric, so people tend to put more trust and confidence on their iPhones and Mac computers,” he said.
“However, all operating systems can be infected and each has their own vulnerabilities,” Umawing added. “If users are not careful with how they secure these devices, what websites they access, or where they download apps or files from, the end result may likely result in an infection, fraud, or both.”