Just days after a Swedish hacker discovered a serious vulnerability in Apple's newly released OS X Yosemite, security researchers at Palo Alto Networks have found a new malware that infects iOS devices through OS X.
Dubbed WireLurker, the malware is primarily spreading through infected OS X apps (467 in number so far) present in the Maiyadi App Store, a third-party Mac app store in China, that have already been downloaded 356,104 times, possibly infecting hundreds of thousands of users.
Once WireLurker infects an OS X computer, it monitors any iOS device connected via USB with the computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken or not.
"WireLurker exhibits complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing", the company said in a report.
On non-jailbroken devices, WireLurker simply installs a fake comic book app, which researchers suspect is a test payload, using a forged enterprise provisioning certificate, while on jailbroken devices, it spies on payments apps like AliPay. Once the malware infects an iOS device, it can steal a victim’s address book, read iMessage text messages, and request updates from its command-and-control server.
"This malware is under active development", the report says, adding that "its creator’s ultimate goal is not yet clear". Palo Alto Networks is advising users not to download and run Mac apps from third-parry app stores, download sites, or other untrusted sources, and avoid using USB-based chargers from unknown or untrusted sources. The company has also developed a software that you can use to test for the malware.