The long held confidence iPhone users have had that they’re safe from malware has been dealt a blow, with enterprise security company Palo Alto Networks reporting a new family of Apple iOS and OS X malware.
The enterprise security company says the new malware family, dubbed WireLurker, marks ‘a new era’ in malware across Apple’s desktop and mobile platforms.
WireLurker can infect even non-jailbroken iOS devices through trojanised and repackaged OS X applications and is the first known malware family that can infect installed iOS applications similar to how a traditional virus would.
It jumps from infected Macs onto iPhones through USB connections.
Palo Alto Networks says WireLurker is capable of stealing a variety of information from infected mobile devices, and regularly requests updates from the attackers command and control server. However, the company notes the malware is under active development and its creators ultimate goal is still not yet clear.
The malware family, which has been targeting iOS and OS X for the past six months, is the first in-the-wild malware family that can install third-party applications on non-jailbroken iOS devices through enterprise provisioning.
Palo Alto Networks says it is also only the second known malware family that attacks iOS devices through OS X via USB and is the first malware family to automate generation of malicious iOS applications through binary file replacement.
A Palo Alto Networks blog says WireLurker was used to trojanise 467 OS X applications on Chinese third-party app store, Maiyadi.
“In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users,”
Ryan Olson, Palo Alto Networks intelligence director, Unit 42, says WireLurker is unlike anything seen before in terms of Apple iOS and OS X malware.
“The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms.”
Palo Alto Networks is recommending a number of actions Apple users can take to mitigate the threat from WireLurker and similar threats, including enterprises routing mobile device traffic through threat prevention systems using mobile security applications, and employing an antivirus or security protection product for the Mac OS X system and keeping its signatures up-to-date.
The company also recommends ensuring ‘Allow apps downloaded from Mac App Store (or Mac App store and identified developers)’ is set in the OS X System Preferences panel, under security and privacy.
Users should also avoid downloading and running Mac applications or games from third-party app stores, download sites or any other untrusted sources and keep the iOS version up-to-date.
Other recommendations from Palo Alto Networks are:
- Do not accept any unknown enterprise provisioning profile unless an authorised, trusted party (eg your IT corporate help desk) explicitly instructs you to do so
- Do not pair your iOS device with untrusted or unknown computers or devices
- Avoid powering your iOS device through chargers from untrusted or unknown sources
- Similarly, avoid connecting iOS devices with untrusted or unknown accessories or computers (Mac or PC)
- Do not jailbreak your iOS device. If you do jailbreak it, only use credible Cydia community sources and avoid the use or storage of sensitive personal information on that device