iPhone iOS Attack: Malware 'WireLurker' Impacts Thousands of Users; How to Protect & Avoid Infection
A new malware attack against Apple devices was discovered by Palo Alto Networks earlier this week, wrote Time. Dubbed "WireLurker," the malware is described by Palo Alto as "the biggest in scale we have ever seen."
Time reported that the malware has infected more than 450 apps -- all coming from a third-party Chinese app store known as Maiyadi. According to the report, the apps have been downloaded 356,104 times in the last six months.
Forbes noted that, to penetrate iOS, the malware uses Mac OS X machines (Macs / MacBooks) as entry points. Following the installation of malware-hosting apps, other Apple devices are eventually infected via USB connection. What's particularly alarming about "WireLurker" is that it can get onto a device even if it isn't jailbroken.
Palo Alto Networks called the malware a "new breed of threat to all iOS devices."
Forensics researcher and iOS expert Jonathan Zdziarski described how nasty "WireLurker" could be. To start with, the malware abuses the iDevice's pairing (Mac-iPhone, for instance) to collect information such as the serial number, phone number and iTunes store identifier, among others, and sends it to a remote server. Zdziarski warned that a jailbroken device is at greater risk, since more malicious software can get onto the attached iDevice.
Here are some tips provided by Palo Alto Networks on how users can maximize the protection of their OS X system and, in turn, protect their iDevices.
1. Download only approved apps from Apple's official App Store. Secure the system by blocking third-party apps: go to System Preferences > Security and Privacy > Allow apps downloaded from Mac App Store.
2. Download anti-virus software for OS X. Make sure to keep the signatures up to date. See some programs listed by Macworld here.
3. Keep the iDevice's iOS updated.
4. Avoid pairing the iOS device with unknown or untrusted computers / devices.
5. Avoid jailbreaking the iOS device; users of jailbroken devices are advised to use credible Cydia community sources. Storing sensitive information on such devices is also discouraged.
Apple is aware of the situation. The Cupertino tech giant told The Register that the cryptographic certificate "WireLurker" used to get into the system has been revoked. Apparently, the then-legitimate certificate fooled iOS devices, allowing access and installation of infected apps.
Apple told the outlet, "We are aware of malicious software available from a download site aimed at users in China, and we've blocked the identified apps to prevent them from launching."
The company reminded iOS users to download and install software only from "trusted sources."
For more information about "WireLurker," check out the official statement from Palo Alto Networks here.
To check if your Mac desktop has been affected, click this detector provided by Palo Alto.