A new piece of malware has been infecting both Mac OS and iOS systems for a few months now. According to research by security experts at Palo Alto Networks, reported via The New York Times, the malware is mainly focused on Apple products and is capable of infecting non-jailbroken iOS devices. So far this trojanized malware has mainly affected users in China, but it's only a matter of time before it spreads.
The new WireLurker malware is able to infect iOS devices over USB from an infected Mac, and it's the first malware capable of installing third-party applications on non-jailbroken devices.
The infected Mac apps come from the Maiyadi App Store, a third-party store operated in China. According to Palo Alto Networks, over 400 apps in the store are infected and have been downloaded about 356,000 times, infecting thousands of users, mostly in China.
Once installed, WireLurker can collect information such as contacts, read iMessages, and automatically download updates to itself without the user having to do anything.
WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it “wire lurker”. Researchers have demonstrated similar methods to attack non-jailbroken devices before; however, this malware combines a number of techniques to successfully realize a new brand of threat to all iOS devices.
WireLurker exhibits complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing. In this whitepaper, we explain how WireLurker is delivered, the details of its malware progression, and specifics on its operation.
The company offered several recommendations to avoid getting infected by this malware: use an antivirus product; download Mac apps straight from the Apple store, not from third-party app stores, third-party download sites or other untrusted sources; and avoid jailbreaking.
Photo Credit: 9to5mac