A new era of info-stealing malware targeting Apple iPhones and iPads is mainly affecting users in China, say security researchers.
Researchers at Palo Alto Networks have called the malware "WireLurker" because it waits for devices running Apple’s iOS mobile operating system to connect to computers running Mac OS X.
WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications on to the device, regardless of whether it is jailbroken.
WireLurker is unlike any previous Apple iOS and Mac OS X malware. It was found hidden in apps downloaded from third-party Mac OS X app stores in China.
“It is only the second known malware family that attacks iOS devices through OS X via USB and it is the first known malware that can infect installed iOS applications similar to a traditional virus,” Xiao said.
WireLurker is also the first malware to automate the generation of malicious iOS applications through binary file replacement, and it is the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning.
The researchers said the malware is spreading via malicious code added to more than 400 legitimate apps, which have been downloaded more than 350,000 times.
WireLurker is designed to steal user data, but researchers said the goal of the malware is not immediately clear because it appears to be still under development.
Discovery of the malware comes just weeks after Apple’s iCloud storage service in China came under attack by hackers trying to steal user data.
Chinese web monitoring group Greatfire.org said hackers intercepted China’s iCloud data and potentially gained access to passwords, messages, photos and contacts.
Greatfire.org accused the Chinese government of being behind the attacks, but the allegations have been denied by state officials.
China has the world's biggest smartphone market, where Apple iPhone sales increased 50% in the second quarter of the year compared with the same period in 2013.
How to mitigate the WireLurker threat
- Enterprises should ensure their mobile device traffic is routed through a threat-prevention system.
- Use an antivirus or security protection product for the Mac OS X system and keep it up to date.
- In the OS X System Preferences panel, under Security & Privacy, ensure “Allow apps downloaded from Mac App Store (or Mac App Store and identified developers)” is enabled.
- Do not download and run Mac applications or games from any third-party app store, download site or other untrusted source.
- Keep iOS up to date.
- Do not accept any unknown enterprise-provisioning profile unless explicitly instructed to do so by a trusted party.
- Do not pair your iOS device with untrusted or unknown computers or devices.
- Avoid powering your iOS device through chargers from untrusted or unknown sources.
- Do not jailbreak your iOS device.