Apple now blocking 'WireLurker' malware targeting Chinese iOS & Mac users

Posted in macOS, edited November 2014
Apple on Thursday announced it has begun taking measures to block apps that contain the so-called "WireLurker" malware, which transmits from a Mac to iOS devices over USB, by preventing the infected applications from launching.




In a statement issued by Apple to The Wall Street Journal on Thursday, the company confirmed that the malicious software is "available from a download site aimed at users in China." In order to stop the spread of the malware, Apple has blocked the applications in question, and is even preventing them from launching on users' Macs.

A total of 467 infected applications have been found on the Chinese Maiyadi App Store for Mac OS X systems. That's different from the official Mac App Store, which is controlled and curated by Apple and its own approval process.

Apple has suggested that users only download applications from "trusted sources," such as the Mac App Store.

The malware was first spotlighted on Wednesday by the security experts at Palo Alto Networks. They found that WireLurker has been active in China for the past six months, first infecting Macs by inserting trojan software through repackaged OS X apps, then moving on to iOS devices over wired USB.

The unique method of infecting iOS devices allows WireLurker to bypass the strong security Apple has built for its mobile platform. To date, other viruses targeting the iPhone and iPad have typically focused on "jailbroken" iOS software, which the user has willingly compromised in order to be able to add new unauthorized functions or install stolen applications.

Once it has been installed, WireLurker can access sensitive data such as user contacts or iMessages, and it can also ping a remote server for command-and-control operations. Palo Alto Networks estimates that the 467 infected OS X applications may have been downloaded more than 350,000 times to date, potentially affecting "hundreds of thousands of users."

Comments

  • Reply 1 of 30
    This is why I buy Apple products. I love that Apple reacts faster to these things now. I love the walled garden. Lol.
  • Reply 2 of 30
    And that's Apple's XProtect system in action, folks! And love the speedy response as well!

    Once again, ? has proven they are the best, period.
  • Reply 3 of 30

    WireLurker has been out for months.

  • Reply 4 of 30
    quadra 610, Posts: 6,757, member
    Quote:
    Originally Posted by sog35

    Tim has been out for only a week

  • Reply 5 of 30
    1983, Posts: 1,225, member
    Quote:
    Originally Posted by PBRSTREETG

    WireLurker has been out for months.

    So it seems Apple is not as fast to react as some think; nonetheless they're doing something about it now, only a day after I first heard about this malware's existence in the first place, which is good!

  • Reply 6 of 30
    genovelle, Posts: 1,480, member
    Quote:
    Originally Posted by PBRSTREETG

    WireLurker has been out for months.

    Sounds like it was just discovered by a security company and requires downloading software from a 3rd party site. Clearly you don't think Apple can test every single Mac software from other sites. If you give them access, that's on you. That is a big difference from drive-by infections on websites. This requires you to agree to install it.

  • Reply 7 of 30
    Quote:

    The unique method of infecting iOS devices allows WireLurker to bypass the strong security Apple has built for its mobile platform. To date, other viruses targeting the iPhone and iPad have typically focused on "jailbroken" iOS software, which the user has willingly compromised in order to be able to add new unauthorized functions or install stolen applications.

    This is *completely false*.

    If you have a non-jailbroken device, WireLurker attempts to enterprise-load a comic book app onto your phone. The user must accept an enterprise certificate from an unknown company for it to load.

    This security is not bypassed, it requires a user to accept the certificate/app.

    Apple has also pulled the enterprise certificate already, preventing the app from being loaded or launched.

    The security model is working as designed. If a user accepts to install an enterprise app from an unknown company, you can't stop stupid.

  • Reply 8 of 30
    Quote:
    Originally Posted by sog35

    Tim has been out for only a week


  • Reply 9 of 30
    fallenjt, Posts: 4,054, member

    Even though Apple doesn't need to do this since it's the users' fault, they still proactively mitigate it. It's like those exploded iPhone chargers... This is why I keep buying Apple products: top-notch customer support.

  • Reply 10 of 30
    solipsismy, Posts: 5,099, member
    The long international nightmare is finally over¡
  • Reply 11 of 30
    gatorguy, Posts: 24,213, member
    Quote:

    This is *completely false*.

    If you have a non-jailbroken device, WireLurker attempts to enterprise-load a comic book app onto your phone. The user must accept an enterprise certificate from an unknown company for it to load.

    This security is not bypassed, it requires a user to accept the certificate/app.

    Apple has also pulled the enterprise certificate already, preventing the app from being loaded or launched.

    The security model is working as designed. If a user accepts to install an enterprise app from an unknown company, you can't stop stupid.

    The clarification you supplied in the earlier thread was appreciated. Welcome to AI forums. I think you'll have a lot to add to the community.
  • Reply 12 of 30
    rogifan, Posts: 10,669, member
    The reporting on this 'malware' was/is absolutely shameful. My god it was one of the top news stories on CNBC this morning (even though the talking heads had no idea what they were talking about). The Verge has a big write up on it as does just mainstream news sites like the Daily Mail. All of the headlines make it appear like this is some serious virus iPhone owners need to be worried about when in actual fact it appears to be isolated to China and there's a lot of social engineering one would have to go through in order for this to happen to them. I think the news media should always be more careful when reporting on stuff like this. Instead they just go for the clicks :rolleyes:
  • Reply 13 of 30
    nolamacguy, Posts: 4,758, member
    Quote:
    Originally Posted by Rogifan

    The reporting on this 'malware' was/is absolutely shameful. My god it was one of the top news stories on CNBC this morning (even though the talking heads had no idea what they were talking about). The Verge has a big write up on it as does just mainstream news sites like the Daily Mail. All of the headlines make it appear like this is some serious virus iPhone owners need to be worried about when in actual fact it appears to be isolated to China and there's a lot of social engineering one would have to go through in order for this to happen to them. I think the news media should always be more careful when reporting on stuff like this. Instead they just go for the clicks

    even NPR is reporting this as significant because Apple devices had been considered impervious "from viruses". morons.

  • Reply 14 of 30
    idrey, Posts: 647, member
    Ah see? See? That's what I was talking about in the previous thread! Apple quick to respond! I knew the media was going to go bananas like it was the end of the iPhone world as we know it! And Apple shut them up! Thank you! One more reason why I support Apple, they even look out for the stupid ones!
  • Reply 16 of 30
    josha, Posts: 901, member
    Quote:
    Originally Posted by Rogifan

    The reporting on this 'malware' was/is absolutely shameful. My god it was one of the top news stories on CNBC this morning (even though the talking heads had no idea what they were talking about). The Verge has a big write up on it as does just mainstream news sites like the Daily Mail. All of the headlines make it appear like this is some serious virus iPhone owners need to be worried about when in actual fact it appears to be isolated to China and there's a lot of social engineering one would have to go through in order for this to happen to them. I think the news media should always be more careful when reporting on stuff like this. Instead they just go for the clicks

    Many news reporters, such as those at WSJ, love to publish stories negative on Apple.

    Unfortunately for them their reports are often just crap, probably because they didn't wait for an intelligent report by others. :mad:

  • Reply 17 of 30
    Local news agencies are headlining this as "A new, vicious form of malware targeting Apple's iPhone, and what you need to do to protect yourself".

    It's official people, journalistic integrity is dead. :no:
  • Reply 18 of 30

    my american friends were telling me how the mighty apple has fallen because of the viruses from this and iworm. what they fail to realise is that the 3rd party apps from china are for jailbroken devices- yes it can travel to the computer through usb, but that will be taken care of soon enough. iworm was baked into the unreleased version of Yosemite (unless i am mistaken).

    point is if you do not want viruses- you are only as safe as the system you are running. if you do not jailbreak and download apple's own free software, then expect problems.

    it will no doubt get harder for apple as they are getting more popular, but i trust them before i trust those sh*theads at Redmond or NSA's call girl (google). get a virus with them and it is tough luck.

  • Reply 19 of 30

    So let's compare this to Microsoft and Windows which every month puts out a 'patch Tuesday' to fix a slate of new security vulnerabilities. Where's the tech pundit hue and cry and blazing headlines for each of the security exploits, and for the length of time it takes Microsoft to fix? On the other hand, you have one OS X/iOS 'exploit' that's caused by users installing provisioning profiles to allow them to ostensibly get access to pirated apps. The same tech pundits who wink at the monthly avalanche of Windows' security exploits are suddenly transformed into hyperbolic click bait machines and wringing their hands over Apple's lack of security. Even The Verge was going insane and calling it the first ever iOS exploit and of course that's not true considering the risk of malware via provisioning profiles has been documented for a very long time.

  • Reply 20 of 30
    dasanman69, Posts: 13,002, member
    markbyrn wrote:
    So let's compare this to Microsoft and Windows which every month puts out a 'patch Tuesday' to fix a slate of new security vulnerabilities. Where's the tech pundit hue and cry and blazing headlines for each of the security exploits, and for the length of time it takes Microsoft to fix? On the other hand, you have one OS X/iOS 'exploit' that's caused by users installing provisioning profiles to allow them to ostensibly get access to pirated apps. The same tech pundits who wink at the monthly avalanche of Windows' security exploits are suddenly transformed into hyperbolic click bait machines and wringing their hands over Apple's lack of security. Even The Verge was going insane and calling it the first ever iOS exploit and of course that's not true considering the risk of malware via provisioning profiles has been documented for a very long time.

    So let's pay attention to everyone else's problems, and ignore ours. Real smart.