WireLurker malware hits iOS via OS X

Mac applications are being used to sneak malware onto iPhones and iPads.

Security vendor Palo Alto Networks has released a research paper [registration required] describing WireLurker, a new family of malware using OS X applications to infect iOS devices.

First discovered in China, WireLurker is being distributed by repackaging third-party OS X applications and making them available from non-Apple app stores (and potentially other download sites).

When one of those Trojanised applications is run, it installs the OS X component of WireLurker, which in turn updates itself, downloads the iOS components, and then waits for an iOS device to be connected via USB.

Once that happens, it determines whether the device has been jailbroken or not.

If it has, it backs up certain apps (at this stage it targets a small number of apps aimed at the China market, such as the official client apps for Taobao and Alipay) from the device to the Mac, repackages them with malware, and then restores the modified apps along with other malicious apps downloaded from the WireLurker command and control server.

WireLurker is then able to extract all contact names, phone numbers and Apple IDs from the device, which it forwards to its server.

For non-jailbroken devices, WireLurker just installs the malicious iOS apps it has downloaded from its server, exploiting the facilities Apple provides for enterprise provisioning.

According to the Palo Alto report, WireLurker uses multiple methods to ensure that it keeps running in the background so it can detect when an iOS device is connected.

"WireLurker is now the only known active, non-jailbroken malware threat putting over 800 million iOS devices at risk," said the report.

So what does Palo Alto recommend to avoid falling foul of WireLurker?

• Enterprises should ensure their mobile device traffic is routed through a threat prevention system using a mobile security application like GlobalProtect
• Employ an antivirus or security protection product for the Mac OS X system and keep its signatures up-to-date
• In the OS X System Preferences panel under “Security & Privacy”, ensure “Allow apps downloaded from Mac App Store (or Mac App Store and identified developers)” is set
• Do not download and run Mac applications or games from any third-party app store, download site or other untrusted source
• Keep the iOS version on your device up-to-date
• Do not accept any unknown enterprise provisioning profile unless an authorized, trusted party (e.g. your IT corporate help desk) explicitly instructs you to do so
• Do not pair your iOS device with untrusted or unknown computers or devices
• Avoid powering your iOS device through chargers from untrusted or unknown sources
• Similarly, avoid connecting iOS devices with untrusted or unknown accessories or computers (Mac or PC)
• Do not jailbreak your iOS device; if you do jailbreak it, only use credible Cydia community sources and avoid the use or storage of sensitive personal information on that device

The company has made available a Python script to help detect signs of WireLurker on a Mac.
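The article notes that WireLurker keeps an OS X component running in the background and that Palo Alto Networks published a detection script. The block below is an added example written for this page, not Palo Alto's script and not based on any WireLurker indicator: it shows the general shape of such a host check by parsing launchd job files (the standard LaunchAgents/LaunchDaemons folders) and flagging jobs whose program lives in a user-writable location and is set to start automatically. The sample plists, the `demo()` folder and the `com.example.*` labels are constructed for the demonstration; the trusted and suspicious path prefixes are illustrative heuristics, not a complete allow list.

```python
"""Illustrative scan of launchd persistence entries on a Mac.

Added example for this page; it is not Palo Alto Networks' WireLurker
detection script and uses no WireLurker-specific indicator. It parses
LaunchAgents/LaunchDaemons plists and flags jobs whose executable sits
in a user-writable location, which is one generic trait of malware that
keeps a helper alive in the background. Prefix lists are illustrative.
"""
import plistlib
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Standard launchd persistence directories on OS X (real locations).
LAUNCHD_DIRS = [
    "/Library/LaunchAgents",
    "/Library/LaunchDaemons",
    str(Path.home() / "Library/LaunchAgents"),
]

# Where Apple-shipped or normally installed programs live (illustrative, not exhaustive).
TRUSTED_PREFIXES = ("/System/", "/usr/bin/", "/usr/sbin/", "/usr/libexec/", "/Applications/")

# Locations any local user, and therefore malware running as that user, can write to.
SUSPICIOUS_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")


def program_path(plist: dict) -> Optional[str]:
    """Return the executable a launchd job starts, from Program or ProgramArguments[0]."""
    if "Program" in plist:
        return plist["Program"]
    args = plist.get("ProgramArguments")
    if isinstance(args, list) and args:
        return args[0]
    return None


def classify(plist: dict) -> List[str]:
    """Return the reasons an entry deserves review; an empty list means it looks ordinary."""
    reasons: List[str] = []
    path = program_path(plist)
    if path is None:
        return ["no program path"]
    if path.startswith(SUSPICIOUS_PREFIXES):
        reasons.append(f"program in user-writable location: {path}")
    elif not path.startswith(TRUSTED_PREFIXES):
        reasons.append(f"program outside standard locations: {path}")
    # RunAtLoad/KeepAlive are legitimate for many jobs, so they only add weight
    # once the program path itself is already questionable.
    if reasons and (plist.get("RunAtLoad") or plist.get("KeepAlive")):
        reasons.append("starts automatically and is kept alive")
    return reasons


def scan(dirs) -> Dict[str, List[str]]:
    """Parse every .plist under the given directories and map file path -> reasons."""
    findings: Dict[str, List[str]] = {}
    for d in dirs:
        folder = Path(d)
        if not folder.is_dir():
            continue
        for f in sorted(folder.glob("*.plist")):
            try:
                with open(f, "rb") as fh:
                    plist = plistlib.load(fh)
            except (plistlib.InvalidFileException, OSError):
                findings[str(f)] = ["unparseable plist"]
                continue
            reasons = classify(plist)
            if reasons:
                findings[str(f)] = reasons
    return findings


def demo() -> Dict[str, List[str]]:
    """Constructed LaunchAgents folder: one ordinary job and one hidden helper in /Users/Shared."""
    root = Path(tempfile.mkdtemp()) / "LaunchAgents"
    root.mkdir()
    benign = {"Label": "com.example.updater",
              "Program": "/Applications/Example.app/Contents/MacOS/updater",
              "RunAtLoad": True}
    suspicious = {"Label": "com.example.helper",
                  "ProgramArguments": ["/Users/Shared/.helper", "-d"],
                  "RunAtLoad": True, "KeepAlive": True}
    for job in (benign, suspicious):
        with open(root / f"{job['Label']}.plist", "wb") as fh:
            plistlib.dump(job, fh)
    return scan([root])


if __name__ == "__main__":
    # On a real Mac, replace demo() with scan(LAUNCHD_DIRS).
    for path, reasons in demo().items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run on a real machine with `scan(LAUNCHD_DIRS)`; anything it flags is a starting point for review (who wrote the plist, whether the binary is signed), not a verdict on its own.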

"WireLurker is unlike anything we've ever seen in terms of Apple iOS and OS X malware," said Palo Alto Networks' Unit 42 intelligence director Ryan Olsen.

"The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world's best-known desktop and mobile platforms."


Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.
