Apple blocks apps after WireLurker malware on iOS and Mac OS X uncovered in China

Apple has responded to reports of malware targeting its iOS and Mac OS X platforms by blocking the apps in question and has urged users to use only its own app store for downloads.

Apple made the move after security firm Palo Alto Networks warned that new malware called WireLurker had been found targeting Apple iOS and Mac software and was infecting systems on a large scale.

The malware was reaching Apple devices via apps being downloaded to Mac OS X machines from untrusted third-party app stores. The malware was then able to ‘jump’ to iOS devices when they were plugged into the Macs with the malware.

Apple said it has now acted to limit the impact of this threat: “We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching,” it said.

“As always, we recommend that users download and install software from trusted sources.”

Palo Alto Networks said the threat was the first “known malware that can infect installed iOS applications” in the same way as a traditional virus, and can install itself on non-jailbroken phones through the enterprise provisioning system.

“We believe that this malware family heralds a new era in malware attacking Apple’s desktop and mobile platforms,” it said. “Of [the] known malware families distributed through trojanised/repackaged OS X applications, it is the biggest in scale we have ever seen.”

Palo Alto explained that the malware was installed on over four hundred apps on a Chinese third-party download site, and has probably spread to many thousands of users already.

“In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users,” the firm said.

However, despite studying WireLurker for six months, Palo Alto has been unable to identify its “ultimate goal”.

“WireLurker is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attacker’s command and control server,” the report said. “This malware is under active development and its creator’s ultimate goal is not yet clear.”

Palo Alto advised enterprise users to avoid untrusted web stores and USB chargers.


