New 'WireLurker' malware targets Chinese Apple users, hops from OS X to iOS via USBComing less than one week following the discovery of an OS X vulnerability called "Rootpipe," computer security researchers have found a new form of malware dubbed "WireLurker," which infects well-protected iOS devices through OS X.
Security experts at Palo Alto Networks outlined WireLurker in a research paper published on Wednesday, saying of the malware, "It is the biggest in scale we have ever seen," reports The New York Times.
WireLurker has been active in China for the past six months, first infecting Macs by inserting trojan software through repackaged OS X apps, then moving on to iOS devices via USB. The firm claims the malware is the first to automate generation of malicious iOS apps by implementing a binary file replacement attack.
"They are still preparing for an eventual attack," said Ryan Olson, Palo Alto Networks' director of threat intelligence. "Even though this is the first time this is happening, it demonstrates to a lot of attackers that this is a method that can be used to crack through the hard shell that Apple has built around its iOS devices."
Unlike other viruses, which usually target jailbroken iOS devices, WireLurker can jump from a Mac onto an iPhone running a vanilla version of Apple's operating system by leveraging Apple's enterprise provisioning assets.
As described the Palo Alto Networks, WireLurker monitors a Mac for new iOS devices through infected programs, then installs over USB malicious applications either download from a remote server or generated autonomously on-device. Once installed, the malware can access sensitive data like user contacts, read iMessages and ping a remote server for command-and-control operations, among other nefarious functions.
So far, 467 OS X apps have been infected and distributed through China's third-party Maiyadi App Store, with downloads totaling over 356,104 possibly impacting "hundreds of thousands of users." It is unclear what information the malware's creator is after, but the code is being continuously updated and is therefore deemed active.
On Topic: Security
- Pokemon Go players sacrifice full Google account access, pair of fixes coming soon
- Another Mac-specific malware pops up, but Apple's Gatekeeper still prevents infection
- New Mac malware can remotely access FaceTime camera, but macOS Gatekeeper users are protected
- Apple's differential privacy in iOS 10 is opt-in, limited to four use cases
- Inside iOS 10: Apple doubles down on security with cutting edge differential privacy