Everything Apple Users Need to Know About New ‘WireLurker’ Malware

Source: Thinkstock

Source: Thinkstock

While the vast majority of mobile malware is still found on Android, a newly discovered program that’s infecting iOS and Mac operating systems shows that attackers are increasingly targeting Apple’s platforms. As reported by the New York Times, researchers at security company Palo Alto Networks recently published a paper detailing a malware program known as WireLurker that “heralds a new era in malware attacking Apple’s desktop and mobile platforms.”

The WireLurker malware first emerged on the Maiyadi App Store, a popular third-party Mac application store in China. According to Palo Alto Networks, WireLurker trojanized or repackaged 467 OS X applications on the Maiyadi App Store that were downloaded over 356,104 times, potentially infecting hundreds of thousands of Apple devices. While WireLurker appears to have been aimed primarily at Chinese users, as noted by Palo Alto Networks, the malware has several unique characteristics that make Apple users around the world susceptible to infection.

Many previous malware programs have been aimed at users of so-called “jailbroken” Apple devices that have had software alterations in order to allow the downloading of unauthorized apps. This meant that users who were running authorized versions of Apple’s iOS were usually safe from those types of malware. However, as noted by Palo Alto Networks, WireLurker is “the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning.” Enterprise provisioning is the process that allows businesses to install software on devices used for work.

Another unusual aspect of WireLurker is how it infects Apple’s iOS-powered mobile devices. “It is only the second known malware family that attacks iOS devices through OS X via USB,” notes Palo Alto Networks, and the “first malware to automate generation of malicious iOS applications through binary file replacement.” This means that users who have never visited a third-party app store or jailbroken their iPhone could still have their device infected by simply plugging into a compromised OS X computer. The malware’s ability to infect mobile devices via a USB connection is the reason why it was dubbed “WireLurker” by security researchers.

Photo by Justin Sullivan/Getty Images

Photo by Justin Sullivan/Getty Images

Another notable characteristic of the WireLurker malware is its scale. According to Palo Alto Networks, “Of known malware families distributed through trojanized/repackaged OS X applications, it is the biggest in scale we have ever seen.” Finally, the security researchers say that WireLurker is unique for being “the first known malware that can infect installed iOS applications similar to a traditional virus.” All of these characteristics make WireLurker a particularly dire threat to Apple users.

So how can Apple users protect their devices from being infected by WireLurker? One of the most obvious steps you should take is not to attach your iOS device to any unknown or untrusted computers or chargers. As far as preventing your Mac from being infected, Palo Alto Networks recommends that users always make sure that all of their antivirus and security software are up-to-date. The security researchers also recommend that Mac users “not download and run Mac applications or games from any third-party app store, download site or other untrusted source.”  Finally, since WireLurker exploits the enterprise provisioning feature, Palo Alto Networks recommends not accepting any enterprise provisioning profiles, unless specifically instructed to do so by your company.

The news of the China-based WireLurker malware comes just a few weeks after a Chinese Internet monitoring group claimed that government-backed hackers were trying to gain access to users’ iCloud data, as reported by Reuters. While China’s government was alleged to be behind the recent iCloud attack, it is unknown who is behind the WireLurker malware. As noted by Palo Alto Networks, WireLurker “is under active development and its creator’s ultimate goal is not yet clear.”

The iCloud hacking attack and the emergence of WireLurker comes amid Apple’s growing popularity in China. As noted by Apple CEO Tim Cook at the company’s recent iPad media event, the company rolled out its new iPhone models with all three of China’s major carriers for the first time this year and pre-orders for the new iPhone models in China set a new record. At the company’s Worldwide Developers Conference in June 2014, Cook highlighted the fact that 99% of the all mobile malware was found on the Android operating system. With more than 80% of the world’s smartphones still running Android according to IDC, this statistic is unlikely to change soon. However, the emergence of WireLurker and other malware programs targeted specifically at iOS-based devices could be the first signs of more malware trouble for Apple down the line.

Follow Nathanael on Twitter @ArnoldEtan_WSCS

More from Tech Cheat Sheet: