WireLurker is the "biggest in scale" iOS and OS X malware to install "trojanized" apps through USB connections on non-jailbroken iOS devices, according to a report by Palo Alto Networks.
"WireLurker is now the only known active, non-jailbroken malware threat putting over 800 million iOS devices at risk," the report says.
In the past six months, the new malware family infected 467 OS X apps on the Maiyadi App Store, a Chinese third-party store known to sell pirated Apple software. The repackaged apps, including versions of Sims 3, Angry Birds and Battlefield, were downloaded some 356,000 times and allegedly stole personal information from thousands of users.
By design, valid Android applications can be re-engineered for illicit gains by adding functionalities.
WireLurker spoofs valid apps, inserts malicious code and uploads them to third-party app stores. Unsuspecting users, lured by an interface using wallpaper with a "Pirates of the Caribbean" theme, download and install them along with other malicious executable files loaded by the operating system as "launch daemons." These allow the device to receive instructions from a command-and-control center and perform malicious actions.
For instance, WireLurker looks for iOS devices connected to an OS X computer via USB and employs a combination of techniques to download the repackaged apps through iTunes protocols. A special library called libimobiledevice lets hackers exfiltrate information such as the user's phone number, Apple ID, and Wi-Fi address and send it back to the command-and-control center.
If the device is jailbroken, the virus will infect the iOS app before it's installed. However, on non-jailbroken devices, WireLurker requires the user to accept the installation of an enterprise-certificate-signed application before proceeding.
All the bogus applications were hosted on Huawei and Baidu cloud storage websites and not on Maiyadi's servers, the report reads.
WireLurker was discovered after Chinese users complained about new, suspicious apps being installed on their devices without their consent. Users are advised to install security software for Mac OS X and to avoid pairing their iOS devices with unknown computers or downloading software from untrusted or unknown sources.
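Because the trojanized OS X apps persist as launch daemons, reviewing launchd job definitions is a practical check on a Mac that has run software from a third-party store. The following is an added example, not code from the Palo Alto Networks report: the heuristics, the list of world-writable paths and both sample jobs are assumptions constructed for illustration, and a finding is a prompt for review rather than a verdict.

```python
import pathlib
import plistlib

# ASSUMPTION: world-writable locations where a daemon binary has no business living.
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

def job_program(job):
    """Executable a launchd job starts: Program, else ProgramArguments[0]."""
    if job.get("Program"):
        return job["Program"]
    return (job.get("ProgramArguments") or [""])[0]

def audit_job(plist_bytes):
    """Return review findings for one launchd property list (XML or binary)."""
    job = plistlib.loads(plist_bytes)
    label, program = job.get("Label", ""), job_program(job)
    findings = []
    # Jobs that start on their own and are not Apple-labelled deserve a look.
    if (job.get("RunAtLoad") or job.get("KeepAlive")) and not label.startswith("com.apple."):
        findings.append("non-Apple job starts automatically: " + label)
    if program.startswith(WRITABLE_PREFIXES):
        findings.append("program in world-writable path: " + program)
    if "/." in program:
        findings.append("program path has a hidden component: " + program)
    return findings

def audit_dir(directory="/Library/LaunchDaemons"):
    """Audit every plist in a launchd directory; unreadable files are reported."""
    report = {}
    for path in sorted(pathlib.Path(directory).glob("*.plist")):
        try:
            found = audit_job(path.read_bytes())
        except Exception as exc:  # malformed plist or permission error
            found = ["could not parse: %s" % exc]
        if found:
            report[str(path)] = found
    return report

# Constructed sample jobs (not indicators from the report).
SAMPLE_BENIGN = plistlib.dumps(
    {"Label": "com.apple.example", "ProgramArguments": ["/usr/libexec/exampled"]})
SAMPLE_SUSPECT = plistlib.dumps(
    {"Label": "com.example.updater", "RunAtLoad": True, "KeepAlive": True,
     "ProgramArguments": ["/Users/Shared/.helper/updated", "-d"]})

if __name__ == "__main__":
    for name, blob in (("benign", SAMPLE_BENIGN), ("suspect", SAMPLE_SUSPECT)):
        print(name, audit_job(blob))
    for path, found in audit_dir().items():
        print(path, found)
```

Legitimate third-party daemons also start at load, so the first finding is expected for installed software you recognize; the path-based findings are the ones to investigate first.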