Researchers discover 'Wirelurker' iOS malware that spreads through infected OS X apps

Himanshu Arora


Just days after a Swedish hacker discovered a serious vulnerability in Apple's newly released OS X Yosemite, security researchers at Palo Alto Networks have found new malware that infects iOS devices through OS X.

Dubbed WireLurker, the malware is primarily spreading through infected OS X apps (467 in number so far) present in the Maiyadi App Store, a third-party Mac app store in China, that have already been downloaded 356,104 times, possibly infecting hundreds of thousands of users.

Once WireLurker infects an OS X computer, it monitors any iOS device connected via USB with the computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken or not.

"WireLurker exhibits complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing", the company said in a report.

On non-jailbroken devices, WireLurker simply installs a fake comic book app, which researchers suspect is a test payload, using a forged enterprise provisioning certificate, while on jailbroken devices, it spies on payment apps like AliPay. Once the malware infects an iOS device, it can steal a victim’s address book, read iMessage text messages, and request updates from its command-and-control server.

"This malware is under active development", the report says, adding that "its creator’s ultimate goal is not yet clear". Palo Alto Networks is advising users not to download and run Mac apps from third-party app stores, download sites, or other untrusted sources, and to avoid using USB-based chargers from unknown or untrusted sources. The company has also developed software that you can use to test for the malware.


 
Funny how a few years back, people said that Apple devices have no viruses. It was because hackers don't want to waste time on low populated operating systems. So now remember this: with great popularity comes greater viruses.
 
It's useless unless you have a jail broken device. Apple's dignity remains intact.

The article clearly states that it doesn't matter if the iPhone is jailbroken or not. It does make a distinction between what happens on a jailbroken iPhone versus a non jailbroken iPhone, but it also says that they don't clearly understand the intent of the virus or what its end game might be.

Regardless of what it does or doesn't do to a jail broken or not jail broken iPhone, the fact remains... there's a virus for the Mac desktop that can propagate to the iPhone. Something to pay attention to.

For those that think Apple is the end all be all of security, click the little magnifying glass icon at the top of the page here on Techspot and search for "Apple Security", and sift through the pages of articles about the problems Apple has with security. Apple is for sure not without its own security problems, but for some reason they get a free pass.
 
Reality Distortion Field, created by Jobs and apparently still in working order.
 
The virus is being spread through 3rd party websites on jail broken devices, both are against Apple's terms of service. I hate Apple's overpriced stuff, but this issue is clearly not their fault.
 
The virus is being spread through 3rd party websites on jail broken devices, both are against Apple's terms of service...
Still, you have to admit, Apple's "iGestapo" terms of service don't allow a whole lot of leeway.
 
"Palo Alto Networks is advising users not to download and run Mac apps from third-party app stores, download sites, or other untrusted sources, and to avoid using USB-based chargers from unknown or untrusted sources. The company has also developed software that you can use to test for the malware."

So which is it? Are they not a Third-Party Download Website? lol
 