
A new form of malware is targeting users of Apple’s mobile and desktop operating systems, reports Palo Alto Networks.

According to the network security company, WireLurker spreads through third-party apps uploaded to the Apps Store, after which it steals personal information.

The malware is unique in that it can transfer from infected Macs onto iPhones and other Apple devices via USB connections, explains Ryan Olson, intelligence director for Palo Alto Networks’ Unit 42 division.

The threat is also the only malware capable of infecting non-jailbroken Apple devices that has been observed in the wild.

Only two other pieces of malware have been successfully installed onto non-jailbroken iOS devices in the past, both several years ago. Upon discovery, Apple removed them from the App Store immediately.

“WireLurker is unlike anything we’ve ever seen in terms of Apple iOS and OS X malware,” Olson continues. “The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms.”

The intentions of the attackers have yet to be determined.

As of October 16, 467 Mac programs were reported to have been compromised with the malware, and those programs had been downloaded 356,104 times.

Most of the victims thus far have been from China, with the malware originating from a third-party app store in that country.

Once installed on a Mac, the malware communicates with a command and control server and waits for another Apple device to be connected over USB. At that point, it checks to see if the device has been jailbroken.

If it has been, WireLurker backs up the device’s apps to the Mac, where it repackages them with malware and uploads those versions back onto the device.

If it hasn’t, it uses a permissions request with a “provisioning profile” to inform the device it can install any other app with the same bogus enterprise certificate.

Users generally believe that Macs and Apple devices are safe. However, WireLurker could redefine malware for these operating systems and open the door for additional networks.

To protect themselves against WireLurker and similar malware, users are urged to install apps only from trusted sources, to not jailbreak their devices and to avoid connecting Apple products to untrusted computers.
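The enterprise provisioning profile described above is something a defender can inventory. The following Python sketch is an added example, not code from Palo Alto Networks or from the original article: it reads exported `.mobileprovision` files, classifies each profile, and flags enterprise profiles from teams that are not on an allow-list. The sample profiles, team names and the `audit` helper are constructed for illustration.

```python
import plistlib

# Constructed samples. A real .mobileprovision is a CMS-signed blob whose payload
# is an XML plist; the extra bytes here stand in for the signature wrapper.
ENTERPRISE = b"\x30\x82" + b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Name</key><string>Constructed In-House Profile</string>
<key>TeamName</key><string>Unknown Vendor Ltd</string>
<key>ProvisionsAllDevices</key><true/>
</dict></plist>""" + b"\x00sig"
DEVELOPMENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Name</key><string>Constructed Dev Profile</string>
<key>TeamName</key><string>Example Corp</string>
<key>ProvisionedDevices</key><array><string>constructed-udid-0001</string></array>
</dict></plist>"""

def extract_profile(blob: bytes) -> dict:
    """Pull the embedded plist out of the signed wrapper (signature NOT verified)."""
    start = blob.find(b"<?xml")
    if start == -1:
        raise ValueError("no embedded plist found")
    end = blob.find(b"</plist>", start)
    if end == -1:
        raise ValueError("embedded plist is truncated")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify(profile: dict) -> str:
    # Enterprise (in-house) profiles set ProvisionsAllDevices; development and
    # ad hoc profiles instead carry an explicit ProvisionedDevices list.
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"
    if profile.get("ProvisionedDevices"):
        return "development-or-adhoc"
    return "other"

def audit(blobs: dict, expected_teams: set) -> list:
    """Return (file, kind, team) for unparseable files and unexpected enterprise profiles."""
    findings = []
    for name, blob in blobs.items():
        try:
            profile = extract_profile(blob)
        except Exception:  # malformed plist or missing payload
            findings.append((name, "unparseable", None))
            continue
        kind, team = classify(profile), profile.get("TeamName")
        if kind == "enterprise" and team not in expected_teams:
            findings.append((name, kind, team))
    return findings
```

Because the sketch does not verify the CMS signature, treat its output as an inventory aid rather than proof of who issued a profile.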

Palo Alto Networks has published a report on the malware.

  • Donnie

    About time the haxors eat some Apple!

  • Thanks David for this post, this is the first time I ever read about the "WireLurker Malware", great post, keep it up bro.