The new family of malware, dubbed WireLurker, has been discovered by Palo Alto Networks Inc. which said it shows “characteristics unseen in any previously documented threats targeting Apple platforms.”
Palo Alto said this is the first known malware family that can infect installed iOS applications the way a traditional virus would, and only the second known malware family that can attack iOS devices through OS X — the operating system that powers every Apple Mac.
WireLurker monitors any iOS device connected via USB to an infected OS X computer and then installs third-party applications onto the device, whether or not the device is jailbroken; that reliance on the USB connection is what gives the malware its name, the network security company said in a 30-page report.
“WireLurker is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attackers’ command and control server,” said Palo Alto Networks in the report. “This malware is under active development and its creator’s ultimate goal is not yet clear.”
Palo Alto said a developer at Tencent Holdings Ltd. first made note of the threat in June, and then threads on Apple forums started popping up, in which device users noted the installation of strange applications and the creation of enterprise provisioning profiles.
The company said WireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China (a trojan is a type of malware designed to provide unauthorized remote access to a user’s computer). Over the past six months, those applications have been downloaded 356,104 times, potentially affecting hundreds of thousands of users, it said.
Palo Alto noted that only two malware/adware families have previously been confirmed as successfully installed onto non-jailbroken iOS devices, one in September 2010 and the other in July 2012, and Apple removed both from the App Store immediately. As it stands, WireLurker is the only known active malware threat to non-jailbroken devices, which puts over 800 million iOS devices at risk, it said.
“WireLurker is unlike anything we’ve ever seen in terms of Apple iOS and OS X malware,” said Ryan Olson, intelligence director for the company’s Unit 42 division. “The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms.”
Olson told Reuters in an interview that there was no evidence the hackers have so far made off with anything more than messaging IDs and contacts from users’ address books. But, he said, “they could just as easily take your Apple ID or do something else that’s bad news.”
He added that the company notified Apple of the threat a couple of weeks ago. A spokesman for Apple could not immediately be reached for comment.
Palo Alto suggests that Mac and iOS users avoid downloading Mac applications or games from any third-party app store, download site or other untrusted source, and avoid connecting an iOS device to any accessories, such as chargers, or computers they aren’t sure can be trusted. Users should also keep their iOS software up to date, the company said.
Apple released the latest update to iOS last month.