Apple now blocking 'WireLurker' malware targeting Chinese iOS & Mac users
Apple on Thursday announced it has begun taking measures to block apps that contain the so-called "WireLurker" malware, which transmits from a Mac to iOS devices over USB, by preventing the infected applications from launching.
In a statement issued by Apple to The Wall Street Journal on Thursday, the company confirmed that the malicious software is "available from a download site aimed at users in China." In order to stop the spread of the malware, Apple has blocked the applications in question, and is even preventing them from launching on users' Macs.
At total 467 infected applications have been found on the Chinese Maiyadi App Store for Mac OS X systems. That's different from the official Mac App Store, which is controlled and curated by Apple and its own approval process.
Apple has suggested that users only download applications from "trusted sources," such as the Mac App Store.
The malware was first spotlighted on Wednesday by the security experts at Palo Alto Networks. They found that WireLurker has been active in China for the past six months, first infecting Macs by inserting trojan software through repackaged OS X apps, then moving on to iOS devices over wired USB.
The unique method of infecting iOS devices allows WireLurker to bypass the strong security Apple has built for its mobile platform. To date, other viruses targeting the iPhone and iPad have typically focused on "jailbroken" iOS software, which the user has willingly compromised in order to be able to add new unauthorized functions or install stolen applications.
Once it has been installed, WireLurker can access sensitive data such as viewing user contacts or iMessages, and it can also ping a remote server for command-and-control operations. Palo Alto Networks estimates that the 467 infected OS X applications may have been downloaded more than 350,000 times to date, potentially affecting "hundreds of thousands of users."