A research paper published by researchers from Palo Alto Networks describes a malware known as WireLurker that has been making its way into Mac OS and iOS systems over the past half a year.
According to the paper, WireLurker is targeting Apple users in China and marks a “new era in malware attacking Apple’s desktop and mobile platforms.” WireLurker has the ability to attack iOS devices through OS X over USB. It is the first malware with the ability to install third-party apps on non-jailbroken iOS devices via “enterprise provisioning.” WireLurker seems to be the “biggest in scale” in the trojan family.
As of late, WireLurker has made its way into 467 OS X apps at a third-party Mac app store in China known as the Maiyadi App Store. The malware searches for any iOS device connected through USB to an infected Mac. It then installs a malicious third-party application onto the iOS device. Once installed, the malware collects data from the device and is able to request updates from the attackers. The malware's ultimate goal is not yet known, and WireLurker is said to be in active development.
The researchers recommend that iOS users avoid apps infected with the malware and not download or run Mac apps or games from any third-party app store, site or source other than Apple. Also, of course, do not jailbreak your iOS device. Do not pair your device with unknown computers or charge it with unknown chargers. Avoid unknown enterprise provisioning profiles as well.
Apple originally declined to comment but has since issued a statement to iMore. According to the Cupertino company,
“We are aware of malicious software available from a download site aimed at users in China,” an Apple spokesperson told iMore, “and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources. We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We’re not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.”
Source: Techno Buffalo