‘WireLurker’ Malware Affecting Macs and iOS Devices in China

The New York Times reports researchers from Palo Alto Networks have published a research paper detailing how a new malware strain is infecting both Mac computers and iOS devices. “WireLurker” targets users in China.



The WireLurker malware is the “biggest in scale” in the trojanized malware family, and it is able to attack iOS devices through OS X over USB. It is said to be able to infect iOS applications in a manner similar to a traditional virus, and it is the first malware capable of installing third-party applications on non-jailbroken iOS devices “through enterprise provisioning.”

So far, the WireLurker malware has been found in 467 OS X apps in the Maiyadi App Store, a popular third-party Mac app store in China. The infected apps have been downloaded a total of 356,104 times.

The researchers say WireLurker monitors a Mac’s USB ports, looking for an iOS device it can infect. It then installs malicious third-party apps onto the device.

WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it “wire lurker”. Researchers have demonstrated similar methods to attack non-jailbroken devices before; however, this malware combines a number of techniques to successfully realize a new brand of threat to all iOS devices.

Once in place, the WireLurker code can gather information from the infected iOS device, such as contacts and messages, and it can even request updates from attackers.

Palo Alto Networks suggests a number of ways to avoid WireLurker, including loading an antivirus app, avoiding jailbreaking, and turning on Mac App Store installation restrictions that prevent apps from unknown third parties from being installed. Palo Alto warns that users should not download and run Mac apps or games from third-party app stores, download sites, or other untrusted sources.

Users should also avoid installing unknown provisioning profiles, and should only pair their iOS devices with trusted computers and chargers.

While Palo Alto Networks says they have informed Apple about the malware, an Apple spokesperson declined to comment.