New ‘WireLurker’ Malware Targets Non-Jailbroken iOS and OS X Users in China [u]

New malware dubbed ‘WireLurker’ has been discovered by security company Palo Alto Networks (via the New York Times), targeting iOS and OS X users in China.


Palo Alto Networks says the malware was infecting users via the Maiyadi App Store, a source of third-party apps for Mac users in China. Over the past six months, 467 apps have been infected and downloaded 356,104 times, so the number of affected users could reach into the hundreds of thousands.

Here are the five key points about ‘WireLurker’ noted by the security firm. The malware can reach non-jailbroken iOS devices over USB from an infected Mac:

  • Of known malware families distributed through trojanized / repackaged OS X applications, it is the biggest in scale we have ever seen
  • It is only the second known malware family that attacks iOS devices through OS X via USB
  • It is the first malware to automate generation of malicious iOS applications, through binary file replacement
  • It is the first known malware that can infect installed iOS applications similar to a traditional virus
  • It is the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning

‘WireLurker’ is described as a “new brand of threat to all iOS devices”: it can steal a variety of information, including contacts and iMessages, and periodically sends updates to the malware’s command server.

Palo Alto Networks recommends that users set the Security & Privacy settings in OS X to allow only apps from the Mac App Store, and that they avoid running apps from third-party stores. The firm told the NYT it has reported its findings to Apple but has not yet heard back.

To protect your iOS device, the security firm advises not installing unknown enterprise provisioning profiles, not pairing the device with untrusted computers, and not charging it from unknown sources. It also advises against jailbreaking; if you do jailbreak, download only from “credible Cydia community sources”.

Update: Apple has released the following statement (via The Loop) on ‘WireLurker’ and has blocked the apps:

“We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources.”