New 'WireLurker' malware targets Chinese Apple users, hops from OS X to iOS via USB
Coming less than one week following the discovery of an OS X vulnerability called "Rootpipe," computer security researchers have found a new form of malware dubbed "WireLurker," which infects well-protected iOS devices through OS X.

Security experts at Palo Alto Networks outlined WireLurker in a research paper published on Wednesday, saying of the malware, "It is the biggest in scale we have ever seen," reports The New York Times.
WireLurker has been active in China for the past six months, first infecting Macs by inserting trojan software through repackaged OS X apps, then moving on to iOS devices via USB. The firm claims the malware is the first to automate generation of malicious iOS apps by implementing a binary file replacement attack.
"They are still preparing for an eventual attack," said Ryan Olson, Palo Alto Networks' director of threat intelligence. "Even though this is the first time this is happening, it demonstrates to a lot of attackers that this is a method that can be used to crack through the hard shell that Apple has built around its iOS devices."
Unlike other viruses, which usually target jailbroken iOS devices, WireLurker can jump from a Mac onto an iPhone running a vanilla version of Apple's operating system by leveraging Apple's enterprise provisioning assets.
As described by Palo Alto Networks, WireLurker monitors a Mac for new iOS devices through infected programs, then installs over USB malicious applications either downloaded from a remote server or generated autonomously on-device. Once installed, the malware can access sensitive data like user contacts, read iMessages and ping a remote server for command-and-control operations, among other nefarious functions.
So far, 467 OS X apps have been infected and distributed through China's third-party Maiyadi App Store, with downloads totaling over 356,104 possibly impacting "hundreds of thousands of users." It is unclear what information the malware's creator is after, but the code is being continuously updated and is therefore deemed active.

Comments
Nothing.
It only infects those well protected iOS devices through OS X if the user is downloading Applications to their Mac from a 3rd party App store rather than the Mac App store. Would have been helpful if the author included details about developer certificates. Do the OS X apps on this 3rd party App Store have a signed developer certificate or does the user have to allow apps to be installed from untrusted developers?
Knowing that malware can be installed onto an iPhone via a Mac is still a concern but if it only occurs when default security measures in OS X are disabled then it's not much different than the security risks of jailbreaking an iPhone.
I would guess that you have to allow untrusted downloads, just like on Android when you install a third party app.
http://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/
Download apps from AppStore. Don't be cheap. Using third party app vendor is risky. This is why I like walled garden...safe and secured.
That site is blocked by my firewall here at work but I'll definitely check it out when I get home tonight.
Good thing they changed the title. Thought the Chinese had the first recorded cases of human malware.
Ahhhh that would explain your comment. We've all been guilty of writing something, and not checking how it reads.
In any case this isn't good! This means that these hackers are focusing more energy towards Apple. I hope Apple can patch this even though it is human error not on Apple's part and make iOS security stronger, which I'm sure they will.
The price of increasing popularity...
Pay for your shit
Doesn't sound like the average user would have to worry about that unless you have an enterprise device eh?
Totally! Of this I was afraid! Hopefully Apple will handle it better than MS and the other guys.
Apple is still benefitted by not having six tons of legacy cruft like Windows. And iOS is benefitted by having been designed with security in mind. I'm not ready to wave the white flag yet as far as Apple's software being a big security risk.
So it's not a problem with OS X or iOS, just a problem with stupid users trying to rip off hard working developers by skirting around standard secure features of the OS.
Right now, an iOS device is only as secure as US laws and Apple engineering allow.
It should be as secure as security researchers with full access to their own devices can ascertain and make it independently of Apple and the legal mandates it's subjected to as a U.S. corporation.
Competition is good, particularly when it comes to security, competing interests need to be able to null each other, or else users pay the price.
Do Chinese users have full access to the Mac App Store, or is it restricted by the government there?
Download apps from AppStore. Don't be cheap. Using third party app vendor is risky. This is why I like walled garden...safe and secured.
Not all apps and developers have their apps in the AppStore. Some apps are crippled because of Apple's sandbox requirements, and therefore, offer the full-featured app at the developer site. A perfect example is the very popular, GraphicConverter. The App Store version is crippled due to Apple's requirements, so most buy the full-featured version directly from the developer. From the developer's site:
The Mac App Store version has some restrictions due the Apple Sandboxing:
Now why would anyone buy the App Store version of GraphicConverter with these restrictions? Sound Studio is another app that has restrictions in the App Store version. I believe the developer had to remove MP3 support in the App Store version. So in this instance, there could be a chance that the developer site could be taken over and the software tainted with a trojan. But this is an example as to why the App Store isn't always the best choice for software, and sometimes an app is not available in the App Store. So don't think the "walled garden" is the best place to shop for apps.