Apple has taken steps to block the recently discovered ‘WireLurker’ malware that can infect even non-jailbroken iOS devices.
Discovered by Palo Alto Networks, WireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China. In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users.
Here’s how WireLurker works:
WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it “wire lurker”. Researchers have demonstrated similar methods to attack non-jailbroken devices before; however, this malware combines a number of techniques to successfully realize a new brand of threat to all iOS devices.
Apple has now blocked the apps from launching and infecting iOS devices. Here’s their statement on the matter.
“We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources,” said an Apple spokesperson.
Here’s the steps Palo Alto Networks recommends you take to minimize the chance of infection by similar threats:
● Enterprises should assure their mobile device traffic is routed through a threat prevention system using a mobile security application like GlobalProtect
● Employ an antivirus or security protection product for the Mac OS X system and keep its signatures up-to-date
● In the OS X System Preferences panel under “Security & Privacy,” ensure “Allow apps downloaded from Mac App Store (or Mac App Store and identified developers)” is set
● Do not download and run Mac applications or games from any third-party app store, download site or other untrusted source
● Keep the iOS version on your device up-to-date
● Do not accept any unknown enterprise provisioning profile unless an authorized, trusted party (e.g. your IT corporate help desk) explicitly instructs you to do so
● Do not pair your iOS device with untrusted or unknown computers or devices
● Avoid powering your iOS device through chargers from untrusted or unknown sources
● Similarly, avoid connecting iOS devices with untrusted or unknown accessories or computers (Mac or PC)
● Do not jailbreak your iOS device; If you do jailbreak it, only use credible Cydia community sources and avoid the use or storage of sensitive personal information on that device
More details on WireLurker.
Leave a Reply