New iOS and OS X Malware Infects Non-Jailbroken Apple Devices

WireLurker is the “biggest in scale” iOS and OS X malware to install “trojanized” apps through USB connections on non-jailbroken iOS devices, according to a report by Palo Alto Networks.

“WireLurker is now the only known active, non-jailbroken malware threat putting over 800 million iOS devices at risk,” the report says.

In the past six months, the new malware family infected 467 OS X apps on the Maiyadi App Store, a Chinese third-party store known to sell pirated Apple software. The repackaged apps, including versions of Sims 3, Angry Birds and Battlefield, were downloaded some 356,000 times and allegedly stole personal information from thousands of users.

By design, valid Android applications can be re-engineered for illicit gains by adding functionalities.

WireLurker spoofs valid apps, inserts malicious code and uploads it to third-party app stores. Unsuspecting users, lured by an interface using wallpaper with a “Pirates of the Caribbean” theme, download and install them along with other malicious executable files loaded by the operating system as “launch daemons.” These allow the device to receive instructions from a control-and-command center and perform malicious actions.

For instance, WireLurker looks for iOS devices connected to an OS X computer via USB and employs a combination of techniques to download the repackaged apps through iTunes protocols. A special library called libimobiledevice lets hackers exfiltrate information such as the user`s phone number, Apple ID, and Wi-Fi address and send it back to the command-and-control center.

If the device is jailbroken, the virus will infect the iOS app before it`s installed. However, on non-jailbroken devices, WireLurker requires the user to accept the installation of an enterprise certificate signed application before proceeding.

All the bogus applications were hosted on Huawei and Badu cloud storage websites and not on Maiyadi`s servers, the report reads.

WireLurker was discovered after Chinese users complained about new, suspicious apps being installed on their devices without their consent. Users are advised to install security software for Mac OS X, avoid pairing their iOS devices with unknown computers or downloading software from untrusted or unknown sources.