New 'WireLurker' malware targets Chinese Apple users, hops from OS X to iOS via USB

13

Comments

  • Reply 41 of 67
    quadra 610quadra 610 Posts: 6,757member
    [B]WireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China. In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users.[/B]

    Nothing to see here.

    Moving along...
  • Reply 42 of 67
    idreyidrey Posts: 647member
    lolliver wrote: »
    Apple has already done plenty to protect their users however they can't prevent them from jail breaking iPhones, disabling security features, installing pirated software or installing software from untrusted developers. There is a reason why the Apple platforms of both iOS and OS X have the lowest instances of malware/spyware/viruses of any commercial/consumer platforms and it's all due to the way Apple have designed those platforms to focus on security. It is not Apple's responsibility to do anything at all to protect the "stupid users" as you put it. If someone want to jailbreak their phone or install an application on their Mac from an untrusted developer that's their choice and the consequences are on them, not Apple. This malware threat doesn't seem like it's going to be very widespread and will only affect those users who value piracy/customisation (or in some cases just software that doesn't meet Apple's App store guidelines) over security.

    I am not saying apple is not doing a good job! Sht apple shows more care for their customers than any other company. They just have to look into this things to learn from it and to deal with the stupid media who will blow stuff like this out of proportion. Even though is not apple's issue!
  • Reply 43 of 67
    Read the paper. Apparently, you still have to engage in some pretty risky behavior to have this issue, but it's interesting to see how this is going to get blown out of proportion in the wider media, once the marketing departments start their spinning.
  • Reply 44 of 67
    dasanman69dasanman69 Posts: 13,002member
    gatorguy wrote: »
    Apple has issued the following statement:

    "We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources."

    Funny how many of the comments mirror ones you've gotten ridiculed for.
  • Reply 45 of 67

    My 02 on this for what it's worth:

     

    First the user has to bypass manually Gatekeeper. Remember the default security feature Apple implemented that forbids installing software outside App Store? You can play with this feature and extend the software you can install to identified developers. That means you can still get the apps from the real DEVELOPERS site as long as the apps are signed (i.e. identified) without any risk of infection.

     

    Since the article states that the app is being repackaged with the malware, then when you try to install it on your Mac, it will say it's not from an identified developer because of the broken signature resulted in the repackage process. 

     

    So there you have it. Enough reasons to play safe!

     

    Or you can go "Anywhere" settings and install anything your brain deems safe. From that moment you're on your own and you should really embrace all eventual repercussions.

     

    OS X as iOS, are  built to with security in mind. Bypass security intentionally (dumb) installing whatever junk you want or jailbrake you iOS and you get fucked. It's that simple! I mean why are people even contemplate on the chance of catching something if you throw away knowingly all security!?

  • Reply 46 of 67
    Quote:

    Originally Posted by cnocbui View Post

     



    Right idea, wrong government.


     

    <WhyNotBoth.jpg>  :)

  • Reply 47 of 67
    Quote:

    Originally Posted by Gatorguy View Post





    "...once Wirelurker gains access to a non-jailbroken iPhone, the program simply side-loads a non-malicious comic book app onto the phone, using a forged enterprise provisioning certificate. Palo Alto researchers suspect it's a test payload to ensure the system works before moving on to more profitable ends. For jailbroken phones, the malware rewrites the apps for the TaoBao and AliPay apps (Alibaba's applications for auctions and payments, respectively) so as to harvest payment information."

     

    Yep, if you have a non-jailbroken phone you are still protected by iOS sandboxing.  

  • Reply 48 of 67

    Oh! Is this the first malware attack on Apple?

  • Reply 49 of 67
    rob53rob53 Posts: 3,241member
    Quote:

    Originally Posted by MasterChat View Post

     

    Oh! Is this the first malware attack on Apple?


    No. There have been similar attacks when programmers insert malware inside pirated applications. Apple has done the correct thing in revoking the developer's certificate so it won't install/launch unless someone has changed their security preferences. As with almost all malware on all platforms, if you can get the user to install the malware through any type of app, there's not much that can be done. I see malware as being something that can get installed without a user's permission. This would include clicking on an email link and having software installed without the user's permission (admin account and password).

  • Reply 50 of 67
    dasanman69dasanman69 Posts: 13,002member
    Yep, if you have a non-jailbroken phone you are still protected by iOS sandboxing.  

    What part of this didn't you understand?
    Unlike other viruses, which usually target jailbroken iOS devices, WireLurker can jump from a Mac onto an iPhone running a vanilla version of Apple's operating system by leveraging Apple's enterprise provisioning assets.
  • Reply 51 of 67
    gatorguygatorguy Posts: 24,176member
    rob53 wrote: »
    No. There have been similar attacks when programmers insert malware inside pirated applications. Apple has done the correct thing in revoking the developer's certificate so it won't install/launch unless someone has changed their security preferences. As with almost all malware on all platforms, if you can get the user to install the malware through any type of app, there's not much that can be done. I see malware as being something that can get installed without a user's permission. This would include clicking on an email link and having software installed without the user's permission (admin account and password).

    To be fair this would be installed on an iOS device without the users permission if the report is accurate. The infection isn't coming from the iOS App Store or even a 3rd party iOS app-store but from the users Mac which was infested by a repackaged Mac app and spoofed certificate. That would qualify it as malware even by your definition wouldn't it? Apparently this is a much different situation than iOS users have seen before, assuming of course the researchers findings are right.

    When this happens on other platforms it's often referred to as a virus, correctly or not.
  • Reply 52 of 67
    fallenjtfallenjt Posts: 4,053member
    dacloo wrote: »
    That's short sighted. What if the developer doesn't want to share 30% with Apple? Or what if the software is very specialized, or some plugin to a host app? What if it's business software, ie. for internal company use?
    This wouldn't be supported through the App Store.
    The fact Apple wants us all to use their ecosystem, a desktop OS has always been about the freedom of installing and configuring whatever users want to do, unlike iOS.
    This is why Apple still allows us to install third party software; if they would disable the ability to do so, every non-consumer would immediately jump ship.
    For your "what if": to save 30%, those people are willing to risk, then they deserve it. It's like to buy a drug without FDA approval.
  • Reply 53 of 67
    flaneurflaneur Posts: 4,526member
    "Marketplace," one of the shallowest franchises on public radio, has this as their lead story this morning.

    "Finding a bug on your iPhone" the piece begins. Nary a mention that this affects only Chinese risk-takers in their short version, more disgraceful that in their longer version they go into detail about the jailbreak factor. Shameless.

    Now NPR has a two or three sentence version that makes no mention that the exploit is limited to jailbroken Chinese phones. Probably it's based on the Marketplace distortion.

    Journalists have become like a disease.

    Edit: I see that the jailbreak issue is way more complex than the simple English-major mind can handle, the kind of mind that generally produces journalists. We got a competence gap here, now that everyone has a supercomputer in their pocket.

    Edit 2: Laura Sidell of NPR is now emphasizing the Chinese-only angle, as of Thursday afternoon. Good for her
  • Reply 54 of 67
    Quote:

    Originally Posted by dasanman69 View Post





    What part of this didn't you understand?

     

    You obviously don't understand how iOS works.  I write iOS apps for a living.  

     

    This malware doesn't jailbreak a device.  The iOS sandboxing still exists.  

     

    For a non-jailbroken device, this just loads a comic book app that doesn't break the sandbox model.  

  • Reply 55 of 67
    dasanman69dasanman69 Posts: 13,002member
    You obviously don't understand how iOS works.  I write iOS apps for a living.  

    This malware doesn't jailbreak a device.  The iOS sandboxing still exists.  

    For a non-jailbroken device, this just loads a comic book app that doesn't break the sandbox model.  

    I'm not the one that wrote the article, which specifically states that it affects non-jailbroken iPhones.
  • Reply 56 of 67
    Quote:

    Originally Posted by dasanman69 View Post





    I'm not the one that wrote the article, which specifically states that it affects non-jailbroken iPhones.

     

    Doesn't excuse you for being wrong and calling me out when I'm correct.  

     

    Read the security research paper.  For non-jailbroken devices, it enterprise loads a comic book app that is harmless.  

     

    This should be classified as bloatware, not malware, for non-jailbroken devices.

     

    In the future these people could figure out how to jailbreak a device then load the actual malware.  This hasn't happened.  

  • Reply 57 of 67
    Can't patch stupid.
  • Reply 58 of 67
    dasanman69dasanman69 Posts: 13,002member
    Doesn't excuse you for being wrong and calling me out when I'm correct.  

    Read the security research paper.  For non-jailbroken devices, it enterprise loads a comic book app that is harmless.  

    This should be classified as bloatware, not malware, for non-jailbroken devices.

    In the future these people could figure out how to jailbreak a device then load the actual malware.  This hasn't happened.  

    Show me where it says that on here.

    http://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/
  • Reply 59 of 67
    Quote:

    Originally Posted by dasanman69 View Post





    Show me where it says that on here.



    http://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/

     

    That isn't the research paper, that is the summary genius.  

  • Reply 60 of 67
    gatorguygatorguy Posts: 24,176member
    That isn't the research paper, that is the summary genius.  

    Should it be able to load anything without your permission? Seems like a foot in the door. if Apple can do so I would think they'll chop off the toes sooner rather than later and eliminate the exploit.
Sign In or Register to comment.