First malware targeted at non-jailbroken iPhones spreads in China

WireLurker is "the first known malware that can infect installed iOS applications similar to a traditional virus." Photo: Jim Merithew/Cult of Mac

(Updated with Apple statement below.)

A new class of malware targeted at OS X and iOS is spreading like wildfire in China, according to new research by Palo Alto Networks. Dubbed WireLurker, the trojan hides itself in apps distributed through a third-party Chinese app store for OS X and side-loads itself onto iOS devices via USB.

What sets WireLurker apart from other malware is that it is capable of infecting non-jailbroken iOS devices, and it heralds “a new era in malware attacking Apple’s desktop and mobile platforms.”

For now the malware is contained in China, a country in the midst of considerable tension with Apple over privacy and government spying concerns. Palo Alto Networks says the way WireLurker targets Apple users is “the biggest in scale we have ever seen.”

More than 400 infected apps have been distributed through the Maiyadi App Store, a popular third-party repository in China. The apps have been downloaded 356,104 times and have potentially infected “hundreds of thousands of users.”

How has WireLurker been able to spread so easily? It’s the first “in-the-wild” malware to silently install unsigned code on iOS via enterprise provisioning profiles, which are designed to let corporations distribute internal apps without going through the App Store. Many retro game emulators have worked on iOS in the past by taking advantage of enterprise profiles.

On non-jailbroken devices, WireLurker merely installs a fake comic book app. On jailbroken devices, it behaves more nefariously by spying on financial apps like AliPay. The unknown creator’s “ultimate goal is not yet clear,” but the malware is still “under active development.”

“They are still preparing for an eventual attack,” Palo Alto Networks told The New York Times. “Even though this is the first time this is happening, it demonstrates to a lot of attackers that this is a method that can be used to crack through the hard shell that Apple has built around its iOS devices.”

Apple has been notified about WireLurker but has not returned Palo Alto Networks’ request for comment.

Update: Apple has issued a statement to iMore on the matter. The company says it’s revoked the enterprise certificate WireLurker uses to install malicious apps.

“We are aware of malicious software available from a download site aimed at users in China,” an Apple spokesperson told iMore, “and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources.”

Source: Palo Alto Networks
