Researchers Discover New 'WireLurker' Malware Affecting Macs and iOS Devices in China [Updated]

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Nov 5, 2014.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    Researchers from Palo Alto Networks (via The New York Times) have published a research paper on WireLurker, a new malware family that's been infecting both Mac OS and iOS systems over the course of the past six months. The researchers say that WireLurker, which is targeting users in China, "heralds a new era in malware attacking Apple's desktop and mobile platforms."

    The WireLurker malware is the "biggest in scale" in the trojanized malware family, and it is able to attack iOS devices through OS X using USB. It's said to be able to infect iOS applications similar to a traditional virus, and it is the first malware capable of installing third-party applications on non-jailbroken iOS devices "through enterprise provisioning."

    Thus far, WireLurker has been used in 467 OS X apps in the Maiyadi App Store, which is a third-party Mac app store in China. The apps have been downloaded 356,104 times, infecting hundreds of thousands of users.

    According to the researchers, WireLurker looks for iOS devices connected via USB to an infected Mac, installing malicious third-party applications onto the device even without a jailbreak.
    Once installed, WireLurker can collect information from iOS devices like contacts and iMessages, and it's able to request updates from attackers. It's said to be under "active development" with an unclear "ultimate goal."

    Palo Alto Networks offers several recommendations for avoiding apps infected with WireLurker, including an antivirus product and Mac App Store installation restrictions that prevent apps from unknown third parties from being installed. Users should not download and run Mac apps or games from third-party app stores, download sites, or other untrusted sources, and jailbreaking should be avoided.

    Unknown enterprise provisioning profiles must be avoided as well, and users should avoid pairing their iOS devices with unknown computers or charging with chargers from untrusted or unknown sources.

    Palo Alto Networks has notified Apple of the malware, but an Apple spokesperson declined to offer a comment.

    Update: Apple has issued a statement to iMore about the issue:
     
  2. 0xyMoron macrumors 6502

    Joined:
    Oct 5, 2012
    Location:
    California
  3. mattcha90 macrumors newbie

    Joined:
    Nov 5, 2014
    #3
    This is what everyone who always complains about Apple's vice-grip on openness doesn't understand. If you stick with the Apple pre-approved things you're safe 99.99% of the time. It's only when you open yourself to third party apps that you run the risk of malware. It can't exist without you opening the door to it.
     
  4. fins831 macrumors 6502a

    Joined:
    Oct 7, 2011
    #4
    This is why I love the closed environment Apple creates. If the consumer is smart, they will be unaffected 99 percent of the time. Walled garden, protect me from all the bad stuff please haha
     
  5. bbeagle macrumors 68040

    bbeagle

    Joined:
    Oct 19, 2010
    Location:
    Buffalo, NY
    #6
    Trojan software exists on ALL systems. This is nothing new.

    Anyone can write a program on Windows/Unix/OS X to do ANYTHING. That's really the point of personal computers. There is nothing Apple/Microsoft or anyone can do to stop this outside of using their approved app stores where they can take down a malicious app like this.

    This article is just iHater bait to people who don't understand how software works. A virus or worm is a different thing. A trojan can happen to any operating system at any time. A trojan is basically software that says it does one thing then actually does something else. That's what Apple's App Store helps avoid, apps like this. This proves, again, that the Apple closed app store protects users better.
     
  6. goobot macrumors 603

    goobot

    Joined:
    Jun 26, 2009
    Location:
    long island NY
    #7
    What does jailbreaking have to do with this? Obviously use a known tool but other than that this is an over-reactive comment.
     
  7. BigBeast macrumors 6502a

    Joined:
    Mar 6, 2009
    #8
    The ultimate goal? Most likely to decrease Apple's presence in China and instill FUD in Chinese consumers.
     
  8. shadowbird423 macrumors 6502

    shadowbird423

    Joined:
    Sep 8, 2009
    Location:
    Chapel Hill
    #9
    I know, right. All iOS devices are vulnerable to a rogue cert like this one, but they couldn't resist the fear mongering.
     
  9. Glassed Silver, Nov 5, 2014
    Last edited: Nov 5, 2014

    Glassed Silver macrumors 68020

    Glassed Silver

    Joined:
    Mar 10, 2007
    Location:
    Kassel, Germany
    #10
    Because jailbreaking's single reason is to intentionally load unsigned code onto your iOS device, basically a much shorter route than the one this hack takes.

    It's a simplified way of inviting malicious code onto your phone that basically can achieve the same results.

    PS: Not that I'd flat out tell everyone not to jailbreak because of this.
    If someone asked me to do it for them and they were determined to get it done, I'll help them for sure.

    Glassed Silver:mac
     
  10. Michaelgtrusa macrumors 604

    Joined:
    Oct 13, 2008
    #11
    We gave jobs to them when just a few decades ago China had nothing to offer except fireworks! This is how they repay us, in the many cruel ways that they have, and the West refuses to wake up to what it has done to itself! This could all be reversed.
     
  11. macduke macrumors G3

    macduke

    Joined:
    Jun 27, 2007
    Location:
    Central U.S.
    #12
    This is what happens when you go outside the walled garden without supervision. If you're going to do it, make sure you know where you're getting your apps from. It's a calculated risk. I wonder if this enterprise installation thing is truly hacked, or if it's a legit certificate that Apple can just revoke?
     
  12. Dragonlance1561 macrumors member

    Dragonlance1561

    Joined:
    Aug 16, 2007
    #13
    Jailbreaking disables a lot of the security measures that Apple has in place to prevent apps from outside the AppStore being installed. Obviously in this particular case it doesn't change the end result, but in many other cases it does.

    I personally don't jailbreak my devices because I don't know where the apps on the Cydia store come from, who coded them, or what they might do in the background without my knowledge - as all of the "this app is trying to access _____ data" messages are disabled when you jailbreak, or more, the apps don't have to follow those rules so why would they?
     
  13. Swift macrumors 68000

    Swift

    Joined:
    Feb 18, 2003
    Location:
    Los Angeles
    #14
    Who might have done this?

    They have third-party App Stores in China? There's your first mistake. I'm thinking that there's less likelihood this will get through the Mac App store. The Chinese government might want to suck out all the contacts in somebody's Contacts, no? Just like somebody, nobody knows who (?), was doing man in the middle attacks on iCloud in China with fake certificates.
     
  14. Michaelgtrusa macrumors 604

    Joined:
    Oct 13, 2008
    #15
    Tim Cook's visit will accomplish nothing.
     
  15. flowsy macrumors 6502

    flowsy

    Joined:
    Aug 16, 2009
    Location:
    Germany
    #16
    Say what!? Come on now. :rolleyes: All of them? 1.366.040.000 (August 2014) ;)
     
  16. mavere macrumors member

    Joined:
    Jun 6, 2007
    #17
    Wait, so the iOS-portion of the malware depends on the user accepting unknown Enterprise provisioning profiles? At that point, aren't you just asking for trouble?
     
  17. Michael Goff macrumors G5

    Michael Goff

    Joined:
    Jul 5, 2012
    #18
    And everyone who moved their business over there did it out of the kindness of their hearts, right?

    :rolls eyes:
     
  18. lotzosushi macrumors 6502

    lotzosushi

    Joined:
    Jan 10, 2007
  19. flowsy macrumors 6502

    flowsy

    Joined:
    Aug 16, 2009
    Location:
    Germany
    #20
    A lot of big companies have their own "AppStores" for specific internal apps.
     
  20. goobot, Nov 5, 2014
    Last edited: Nov 5, 2014

    goobot macrumors 603

    goobot

    Joined:
    Jun 26, 2009
    Location:
    long island NY
    #21
    Apps in Cydia's official repos aren't malicious in any way. Third party sources maybe, but those you have to go out of your way to get to. Also, jailbreaking disables 0 securities. Yes, you can install stuff that may put you at greater risk, but just the JB itself doesn't.

    Again there is a difference between installing something you know nothing about vs not. Jailbreaking itself doesn't invite any malicious code onto your device like downloading a file from any major company on your computer doesn't.
     
  21. rsocal macrumors 6502a

    rsocal

    Joined:
    Sep 22, 2008
    Location:
    Southern Ca
    #22
    This is why I have always been a big fan of the walled garden!:cool::apple:
    Not one of my Apple products has suffered any virus attacks.:cool::apple:
     
  22. fallenjt macrumors 6502a

    Joined:
    Jul 3, 2013
    #23
    Thanks, Apple, for your closed system and malware free environment. People in China want to get cheap apps or free apps, and this is their result of being cheap.

    ----------

    Mine too. My Mac Mini has been on 24/7 since I bought it in Nov 2011...no attack, virus, or malware ever.
     
  23. Hennesie2000 macrumors 68000

    Joined:
    Sep 29, 2007
    Location:
    Maryland
    #24
    Wrong, the main goal of jailbreaking is to have root access. What you decide to do after that is obtained is your choice.
     
  24. Michaelgtrusa macrumors 604

    Joined:
    Oct 13, 2008
    #25
    NO! They did it for greed! You knew that right?
     