Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

New 'WireLurker' malware targets Chinese Apple users, hops from OS X to iOS via USB

Last updated

Coming less than one week following the discovery of an OS X vulnerability called "Rootpipe," computer security researchers have found a new form of malware dubbed "WireLurker," which infects well-protected iOS devices through OS X.

Security experts at Palo Alto Networks outlined WireLurker in a research paper published on Wednesday, saying of the malware, "It is the biggest in scale we have ever seen," reports The New York Times.

WireLurker has been active in China for the past six months, first infecting Macs by inserting trojan software through repackaged OS X apps, then moving on to iOS devices via USB. The firm claims the malware is the first to automate generation of malicious iOS apps by implementing a binary file replacement attack.

"They are still preparing for an eventual attack," said Ryan Olson, Palo Alto Networks' director of threat intelligence. "Even though this is the first time this is happening, it demonstrates to a lot of attackers that this is a method that can be used to crack through the hard shell that Apple has built around its iOS devices."

Unlike other viruses, which usually target jailbroken iOS devices, WireLurker can jump from a Mac onto an iPhone running a vanilla version of Apple's operating system by leveraging Apple's enterprise provisioning assets.

As described the Palo Alto Networks, WireLurker monitors a Mac for new iOS devices through infected programs, then installs over USB malicious applications either download from a remote server or generated autonomously on-device. Once installed, the malware can access sensitive data like user contacts, read iMessages and ping a remote server for command-and-control operations, among other nefarious functions.

So far, 467 OS X apps have been infected and distributed through China's third-party Maiyadi App Store, with downloads totaling over 356,104 possibly impacting "hundreds of thousands of users." It is unclear what information the malware's creator is after, but the code is being continuously updated and is therefore deemed active.



67 Comments

dasanman69 15 Years · 12999 comments

[quote name="ChristophB" url="/t/183271/new-wirelurker-malware-targets-chinese-mac-and-ios-device-owners#post_2635379"]But what does it do to the owner?[/quote] Nothing.

lolliver 10 Years · 498 comments

[quote name="AppleInsider" url="/t/183271/new-wirelurker-malware-targets-chinese-apple-users-hops-from-os-x-to-ios-via-usb#post_2635374"]Coming less than one week following the discovery of an OS X vulnerability called "Rootpipe," computer security researchers have found a new form of malware dubbed "WireLurker," which infects well-protected iOS devices through OS X.[/quote] It only infects those well protected iOS devices through OS X if the user is downloading Applications to their Mac from a 3rd party App store rather than the Mac App store. Would have been helpful if the author included details about developer certificates. Do the OS X apps on this 3rd party App Store have a signed developer certificate or does the user have to allow apps to be installed from untrusted developers. Knowing that malware can be installed onto an iPhone via a Mac is still a concern but if it only occurs when default security measures in OS X are disabled then it's not much different than the security risks of jail breaking an iPhone.

thewhitefalcon 10 Years · 4444 comments

[quote name="Lolliver" url="/t/183271/new-wirelurker-malware-targets-chinese-apple-users-hops-from-os-x-to-ios-via-usb#post_2635410"] It only infects those well protected iOS devices through OS X if the user is downloading Applications to their Mac from a 3rd party App store rather than the Mac App store. Would have been helpful if the author included details about developer certificates. Do the OS X apps on this 3rd party App Store have a signed developer certificate or does the user have to allow apps to be installed from untrusted developers. Knowing that malware can be installed onto an iPhone via a Mac is still a concern but if it only occurs when default security measures in OS X are disabled then it's not much different than the security risks of jail breaking an iPhone.[/quote] I would guess that you have to allow untrusted downloads, just like on Android when you install a third party app.

gatorguy 13 Years · 24627 comments

[quote name="TheWhiteFalcon" url="/t/183271/new-wirelurker-malware-targets-chinese-apple-users-hops-from-os-x-to-ios-via-usb#post_2635416"] I would guess that you have to allow untrusted downloads, just like on Android when you install a third party app.[/quote] It's explained pretty well in the AI link: http://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/