Apple users should closely monitor developments on this serious threat. As protections emerge, users should quickly patch or fortify their systems and avoid risky documents or device connections.
The Market Watch link notes that up to 800,000,000 devices are potentially at risk until improved protection and containment are in place. While the media often sensationalizes early reports, the technical capabilities of this malware are highly advanced with several “firsts” for the OSX platform.
QUOTE: EXECUTIVE SUMMARY
– Palo Alto Networks recently discovered a new family of Apple OS X and iOS malware, which we have named WireLurker. We believe that this malware family heralds a new era in malware across Apple’s desktop and mobile platforms based on the following characteristics:
* Of known malware families distributed through trojanized / repackaged OS X applications, the biggest in scale we have ever seen
* Only the second known malware family that attacks iOS devices through OS X via USB
* First malware to automate generation of malicious iOS applications, through binary file replacement
* First known malware that can infect installed iOS applications similar to a traditional virus
* First in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning

WireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China. In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users.

WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it “wire lurker”. Researchers have demonstrated similar methods to attack non-jailbroken devices before; however, this malware combines a number of techniques to successfully realize a new breed of threat to all iOS devices.

WireLurker exhibits complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing. In this whitepaper, we explain how WireLurker is delivered, the details of its malware progression, and specifics on its operation.
We further describe WireLurker’s potential impact; methods to prevent, detect, contain and remediate the threat; and Palo Alto Networks enterprise security platform protections in place to counter associated risk.
WireLurker is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attackers’ command and control server. This malware is under active development and its creator’s ultimate goal is not yet clear.