Researchers Discover New 'WireLurker' Malware Affecting Macs and iOS Devices in China [Updated]

lightning_usb_cable_0_5_mResearchers from Palo Alto Networks (via The New York Times) have published a research paper on WireLurker, a malware new family that's been infecting both Mac OS and iOS systems over the course of the past six months. The researchers say that WireLurker, which is targeting users in China, "heralds a new era in malware attacking Apple's desktop and mobile platforms."

The WireLurker malware is the "biggest in scale" in the trojanized malware family, and it is able to attack iOS devices through OS X using USB. It's said to be able to infect iOS applications similar to a traditional virus, and it is the first malware capable of installing third-party applications on non-jailbroken iOS devices "through enterprise provisioning."

Thus far, WireLurker has been used in 467 OS X apps in the Maiyadi App Store, which is a third-party Mac app store in China. The apps have been downloaded 356,104 times, infecting hundreds of thousands of users.

According to the researchers, WireLurker looks for iOS devices connected via USB to an infected Mac, installing malicious third-party applications onto the device even without a jailbreak.

WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it "wire lurker". Researchers have demonstrated similar methods to attack non-jailbroken devices before; however, this malware combines a number of techniques to successfully realize a new brand of threat to all iOS devices.

WireLurker exhibits complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing. In this whitepaper, we explain how WireLurker is delivered, the details of its malware progression, and specifics on its operation.

Once installed, WireLurker can collect information from iOS devices like contacts and iMessages, and it's able to request updates from attackers. It's said to be under "active development" with an unclear "ultimate goal."

Palo Alto Neworks offers several recommendations for avoiding apps infected with WireLurker, including an antivirus product and Mac App Store installation restrictions that prevent apps from unknown third parties from being installed. Users should not download and run Mac apps or games from third-parry app stores, download sites, or other untrusted sources and jailbreaking should be avoided.

Unknown enterprise provisioning profiles must be avoided as well, and users should avoid pairing their iOS devices with unknown computers or charging with chargers from untrusted or unknown sources.

Palo Alto Networks has notified Apple of the malware, but an Apple spokesperson declined to offer a comment.

Update: Apple has issued a statement to iMore about the issue:

"We are aware of malicious software available from a download site aimed at users in China," an Apple spokesperson told iMore, "and we've blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources."

Top Rated Comments

mattcha90 Avatar
116 months ago
This is what everyone who always complain about Apple's vice-grip on openness doesn't understand. If you stick with the Apple pre-approved things you're safe 99.99% of the time. It's only when you open yourself to third party apps that you run the risk of malware. It can't exist without you opening the door to it.
Score: 59 Votes (Like | Disagree)
needfx Avatar
116 months ago
applebola




-
Score: 27 Votes (Like | Disagree)
fins831 Avatar
116 months ago
this is why I love the closed environment Apple creates, if the consumer is smart, they will be unaffected 99percent of the time. Walled garden protect me from all the bad stuff please haha
Score: 21 Votes (Like | Disagree)
bbeagle Avatar
116 months ago
Trojan software exists on ALL systems. This is nothing new.

Anyone can write a program on Windows/Unix/OS X to do ANYTHING. That's really the point of personal computers. There is nothing Apple/Microsoft or anyone can do to stop this outside of using their approved app stores where they can take down a malicious app like this.

This article is just iHater bait to people who don't understand how software works. A virus or worm is a different thing. A trojan - can happen to any operating system at any time. A trojan is basically software that says it does one thing then actually does something else. That's what Apple's App Store helps avoid, apps like this. This proves, again, that the Apple closed app store protects users better.
Score: 17 Votes (Like | Disagree)
fallenjt Avatar
116 months ago
Thanks, Apple for your closed system and malware free environment. People in China want to get cheap apps or free app and this is their result of being cheap.

----------

This is why I have always been a big fan of the walled garden!:cool::apple:
Not one of my Apple products has suffered any virus attacks.:cool::apple:

mine too. My Mac Mini is on 24/7 since bought in Nov 2011...no attack, virus, malware ever.
Score: 11 Votes (Like | Disagree)
Michael Goff Avatar
116 months ago
We gave jobs to them that just a few decades ago china had nothing to offer except fireworks! This is how they repay us in the many cruel ways that they have and the west refuses to wake up to what it's done to themselves! This could all be reversed.

And everyone who moved their business over there did it out of the kindness of their hearts, right?

:rolls eyes:
Score: 10 Votes (Like | Disagree)

Popular Stories

iPhone 16 Mock Header With Dynamic Island

Skipping the iPhone 15 Pro? Here's What's Rumored for iPhone 16 Pro

Friday September 22, 2023 9:29 am PDT by
Are you skipping the iPhone 15 Pro and waiting another year to upgrade? If so, we already have some iPhone 16 Pro rumors for you. Below, we recap new features rumored for the iPhone 16 Pro models so far:Larger displays: The iPhone 16 Pro and iPhone 16 Pro Max will be equipped with larger 6.3-inch and 6.9-inch displays, respectively, according to Ross Young, CEO of Display Supply Chain...
Apple WWDC23 macOS Sonoma hero

macOS Sonoma Launching This Week With These New Features

Sunday September 24, 2023 12:45 pm PDT by
Apple previously announced that macOS Sonoma will be released this Tuesday, September 26. The free software update includes many new features and changes for the Mac, including the five that we have highlighted below. In addition to these five features, we have shared the full release notes for macOS Sonoma below for a complete overview of everything new. Desktop Widgets macOS Sonoma...
Apple Watch Ultra 2 double tap gesture 230912

watchOS 10.1 to Enable Apple Watch's New 'Double Tap' Gesture

Thursday September 21, 2023 12:52 pm PDT by
The new Double Tap gesture for the Apple Watch Series 9 and the Apple Watch Ultra 2 will be enabled starting with watchOS 10.1, according to Marques Brownlee, host of the popular tech-focused YouTube channel MKBHD. The first beta of watchOS 10.1 will likely be available by next week, and Apple announced that the software update will be released next month. Brownlee shared his impressions...