New iOS and OS X Malware Infects Non-Jailbroken Apple Devices

WireLurker is the “biggest in scale” iOS and OS X malware to install “trojanized” apps through USB connections on non-jailbroken iOS devices, according to a report by Palo Alto Networks.

“WireLurker is now the only known active, non-jailbroken malware threat putting over 800 million iOS devices at risk,” the report says.

In the past six months, the new malware family infected 467 OS X apps on the Maiyadi App Store, a Chinese third-party store known to sell pirated Apple software. The repackaged apps, including versions of Sims 3, Angry Birds and Battlefield, were downloaded some 356,000 times and allegedly stole personal information from thousands of users.

By design, valid Android applications can be re-engineered for illicit gains by adding functionalities.

WireLurker spoofs valid apps, inserts malicious code and uploads them to third-party app stores. Unsuspecting users, lured by an interface using wallpaper with a “Pirates of the Caribbean” theme, download and install them along with other malicious executable files loaded by the operating system as “launch daemons.” These allow the device to receive instructions from a command-and-control center and perform malicious actions.

For instance, WireLurker looks for iOS devices connected to an OS X computer via USB and employs a combination of techniques to download the repackaged apps through iTunes protocols. A special library called libimobiledevice lets hackers exfiltrate information such as the user’s phone number, Apple ID, and Wi-Fi address and send it back to the command-and-control center.

If the device is jailbroken, the virus will infect the iOS app before it’s installed. However, on non-jailbroken devices, WireLurker requires the user to accept the installation of an application signed with an enterprise certificate before proceeding.
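The enterprise-signed path described above can be triaged on the defender's side by reading an app package's embedded provisioning profile. The following is an added example, not code from the Palo Alto Networks report or from this article; it relies on the `embedded.mobileprovision` file and the `ProvisionsAllDevices` key used by iOS enterprise profiles, and the sample IPA, team name and bundle ID are constructed.

```python
import io
import plistlib
import zipfile

PROFILE = "embedded.mobileprovision"

def read_profile(ipa_bytes):
    """Return the provisioning-profile dict of the main app bundle, or None."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        hits = [n for n in ipa.namelist()
                if n.startswith("Payload/") and n.endswith(".app/" + PROFILE)
                and n.count("/") == 2]
        if not hits:
            return None  # App Store builds ship without an embedded profile
        blob = ipa.read(hits[0])
    # The profile is a CMS envelope around an XML plist. Slicing the plist out
    # is enough for triage, but it does NOT verify the CMS signature.
    start, end = blob.find(b"<?xml"), blob.rfind(b"</plist>")
    if start < 0 or end < start:
        raise ValueError("profile present but no plist payload found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify_ipa(ipa_bytes):
    """Classify how an IPA is provisioned: enterprise, device-list, or none."""
    profile = read_profile(ipa_bytes)
    if profile is None:
        return {"kind": "no-profile", "team": None}
    if profile.get("ProvisionsAllDevices") is True:
        kind = "enterprise"    # in-house profile: installs on any device
    elif profile.get("ProvisionedDevices"):
        kind = "device-list"   # development / ad hoc: fixed device list
    else:
        kind = "unknown"
    return {"kind": kind, "team": profile.get("TeamName")}

def build_sample_ipa(profile):
    """Constructed test input: a minimal IPA with a fake CMS wrapper."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist",
                   plistlib.dumps({"CFBundleIdentifier": "com.example.demo"}))
        if profile is not None:
            z.writestr("Payload/Demo.app/" + PROFILE,
                       b"\x30\x80constructed-cms-header"
                       + plistlib.dumps(profile) + b"constructed-signature")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_ipa({"TeamName": "Example Corp (constructed)",
                               "ProvisionsAllDevices": True})
    print(classify_ipa(sample))
```

An `enterprise` result for an app that did not come from the organization's own distribution channel is the case worth investigating; the `team` value shows whose certificate the profile belongs to.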

All the bogus applications were hosted on Huawei and Baidu cloud storage websites and not on Maiyadi’s servers, the report reads.

WireLurker was discovered after Chinese users complained about new, suspicious apps being installed on their devices without their consent. Users are advised to install security software for Mac OS X and to avoid pairing their iOS devices with unknown computers or downloading software from untrusted or unknown sources.

About the author

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers' mouse scrolls. Alexandra is also a social media enthusiast who 'likes' only what she likes and LOLs only when she laughs out loud.