A security firm has just published a paper on new OS X and iOS malware dubbed WireLurker, which threatens Apple devices: your iPad, iPhone and Mac computer. Indeed, Palo Alto Networks called the malware family a "new era" in threats targeted at Apple.
The company noted that the malware attacks a user's iOS device over the USB connection from their Mac OS X computer, and it's only the second malware family known to do so. It's also the largest-scale threat the company has discovered that spreads via repackaged OS X apps.
WireLurker installs third-party apps on Apple iOS devices
Palo Alto Networks described how the malware works: it infects an OS X machine, monitors for any iOS device being connected via USB, and then installs third-party apps or "automatically generated" malicious apps onto the iDevice, whether or not it is jailbroken.
While similar threats to non-jailbroken Apple devices have been demonstrated previously, this malware is particularly dangerous due to its sophistication. The security firm warned: "WireLurker exhibits complex code structure, multiple component versions, file hiding, code obfuscation and customised encryption to thwart anti-reversing."
Thus far, WireLurker has trojanised some 467 OS X apps on the Maiyadi App Store, a third-party app store for the Mac in China. Predictably enough, it's those who frequent off-the-beaten-track app outlets who are at risk. The malware has apparently been active for the past six months.
While it's just a Chinese problem right now, it's a definite warning that this sort of thing is likely to be on the way worldwide. Apple users are a particularly tempting target, given that Macs and iOS devices are commonly thought of as so secure that users don't really need to worry much about precautions. Palo Alto Networks provides advice to help combat this malware in its blog post, but all the usual nuggets apply: keep your devices up to date, use antivirus on your Mac, and, for enterprises, route mobile traffic through a threat prevention system.
It has to be said, though, that the main point is, once again: Don't tangle with third-party app stores.