A report from Palo Alto Networks (hat tip The Verge) claims that a new family of malware is getting past Apple’s settings to potentially infect secure (i.e. not jailbroken) iOS devices using infected software for Macs. Dubbed ‘WireLurker’, it was found in the wild in the Maiyadi App Store, a third-party Mac store in China, where it is said to have infected 467 apps. Infected versions of these programs have been downloaded more than 350,000 times and are likely to have affected “hundreds of thousands” of users, according to Palo Alto Networks.
Apple tells us that it has blocked infected apps from working — the company’s full statement is at the bottom of this post.
The malware works by repacking legitimate Mac applications. Once downloaded to a Mac, that software will then install malicious and third-party applications on any iOS device that is connected to the infected machine using a USB cable. What’s most interesting — or, indeed, worrying for Apple customers — is that once on an iOS device, WireLurker reportedly uses a range of sophisticated techniques to modify existing apps for malicious purposes.
While the aim of its creators is not clear yet, Palo Alto Networks reports, WireLurker has been found to steal “a variety of information” from inside rewritten apps. Since it surfaced in China, it is targeting Alibaba’s hugely popular Taobao shopping and AliPay payment apps — where a phone owner’s credit card and bank details are retained — but the security firm says the way it operates could usher in a “new era” of malware for Apple devices.
In particular, Palo Alto Networks says it is “the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning.”
The security firm recommends its own product to help prevent WireLurker, but — as ever — the best pieces of advice are to avoid downloading apps from third-party sources, and use officially approved USB cables. The former is more difficult in China, where third-party app store are well established and hugely popular — though that’s more the case for Android than Mac or iOS.
The full report from Palo Alto Networks has additional advice for Apple customers in the enterprise space, who could be most at risk given WireLurker’s characteristics.
Apple says it has taken action against the infected apps in China:
We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources.