Researchers Discover New 'WireLurker' Malware Affecting Macs and iOS Devices in China [Updated]

[tech4all]

This is why I have always been a big fan of the walled garden!
Not one of my Apple products has suffered any virus attacks.

Thanks, Apple for your closed system and malware free environment. People in China want to get cheap apps or free app and this is their result of being cheap.

----------



mine too. My Mac Mini is on 24/7 since bought in Nov 2011...no attack, virus, malware ever.

These kind of comments are concerning to me because Mac/iOS users seem to have a (false) sense of security. If a real threat were to hit Apple, OS X or iOS or both, would users be prepared? If you don't have any anti virus apps, really, you don't know if you never been hit by malware. I remember years ago when this happened. Not much happened, but to think you're invisible just because you buy something with an on it is a false sense of security. I mean OS X has been out for over a decade now and no real threats have happened, at least not yet. No OS is perfect.

No attack, virus, or malware that you KNOW of.

+1 to this. Without any anti virus apps, you don't know that for a fact.

None of mine too Then again, in 20 years I've never had a virus on any of my windows machines either...

On my Windows 7 laptop, I've had zero viruses in over 2.5 years (plus other years with Windows) despite Windows being so 'virus prone.'

 

[VMukhtarov]

Don't eat free food from trash and you don't get diarrhea. So difficult to understand?

 

[killawat]

I mean, if the iDevice owner need to "Accept" some certification before they can install these Apps, then this Wireluker malware is nothing but another EBKAC.

I wonder how does these hackers acquire the enterprise certifications. Did they steal from some other enterprise ? Or they'RE the enterprise ? Can Apple just disable these problematic profiles to stop them ?

That's what makes it even more hilarious. The report is making it seem like a signed enterprise profile is the key to the kingdom. It's not. the user still has to install the profile. The only difference is that the profile will appear as signed vs a profile that isn't signed.

So just to reiterate, the app is mysteriously loaded after a user downloads a malicious app. They'd need to open it, approve it, AND approve the installation of the enterprise profile. If it's jailbroken (and hence the safeguards are disabled, root account available (root|pw:alpine) then the app can do a little more work on the back end but the app still needs to be loaded.

 

[anek007]

What are people download for their MacBook? Other than the stock Apple apps the rest of the Mac app store is just junk.

 

[nutjob]

Don't eat free food from trash and you don't get diarrhea. So difficult to understand?

In other words: always blame the victim. It's the Apple way.

 

[FieldingMellish]

Oh, the joys of entering the Chinese market continue.

 

[allanfries]

Hmmmm ! 3rd party App store in China. Wow.

 

[VMukhtarov]

In other words: always blame the victim. It's the Apple way.

So restaurants are guilty of diarrhea because of bad food from trash cans? Ok.

 

[Oletros]

Trojan software exists on ALL systems. This is nothing new.

Anyone can write a program on Windows/Unix/OS X to do ANYTHING. That's really the point of personal computers. There is nothing Apple/Microsoft or anyone can do to stop this outside of using their approved app stores where they can take down a malicious app like this.

This article is just iHater bait to people who don't understand how software works. A virus or worm is a different thing. A trojan - can happen to any operating system at any time. A trojan is basically software that says it does one thing then actually does something else. That's what Apple's App Store helps avoid, apps like this. This proves, again, that the Apple closed app store protects users better.

I will save this post when there is another malware thread not regardiong OS X or iOS

 

[ulyssesric]

That's what makes it even more hilarious. The report is making it seem like a signed enterprise profile is the key to the kingdom. It's not. the user still has to install the profile. The only difference is that the profile will appear as signed vs a profile that isn't signed.

So just to reiterate, the app is mysteriously loaded after a user downloads a malicious app. They'd need to open it, approve it, AND approve the installation of the enterprise profile. If it's jailbroken (and hence the safeguards are disabled, root account available (root|pw:alpine) then the app can do a little more work on the back end but the app still needs to be loaded.

Got it. Thank you!

I've read that Enterprise Profile will expire in short time (less than one year). Is it possible for Apple to force disable these profiles to stop this EBKAC malware ?

 

[gnasher729]

What does jailbreaking have to do with this? Obviously use a known tool but other than that this is an over-reactive comment.

There are people being paranoid about the NSA having backdoors in Apple servers, even though that is unlikely because Apple will do anything they can to prevent this.

It should be obvious that it is much, much easier for the NSA to put pressure on some people who created a jailbreak and modify it so that a jailbroken iOS device will give all your information to the NSA. Much easier. (Alternative to pressure is $1,000,000 which is nothing to the NSA).

It should also be obvious that anyone doing a jailbreak can do _anything_ they want to your phone.

----------

Got it. Thank you!

I've read that Enterprise Profile will expire in short time (less than one year). Is it possible for Apple to force disable these profiles to stop this EBKAC malware ?

Yes. If the profile was stolen by some employee of some enterprise, that enterprise will be unhappy because their legitimate stuff also stops working.

 

[Zxxv]

What's a cable? What's a USB cable contecting a iPhone to a Mac? Why? Wasn't that 2002 or something?

 

[gnasher729]

I thought that's why Apple controlled everything you can do with your Apple phone, so this wouldn't happen.

It seems like more incompetence under Cook.

We know that you take any opportunity to throw mud at Apple.

Apple has very valuable feature for companies employing iPads: The "Enterprise license". A company can buy an "Enterprise license" and then can develop their own iOS software and install it on their devices. The user has to accept an "Enterprise profile" from their company on their device to make this work.

So someone here is using a stolen "Enterprise profile", and tricks people into installing it on their iOS devices. That's the same as if you were to accept an "Enterprise profile" from your competitor's company.

 

[Ploki]

If you don't have any anti virus apps, really, you don't know if you never been hit by malware.

Oh the logic "I had no virus since I installed the antivirus software, therefore antivirus software must be doing its job".
I suggest you install an anti-bear software to your computer.

+1 to this. Without any anti virus apps, you don't know that for a fact.

you can actually if you know a little bit about OS X, and especially what not to download. You can smell suspicious stuff on the internet if you're not completely inept at computing.

On my Windows 7 laptop, I've had zero viruses in over 2.5 years (plus other years with Windows) despite Windows being so 'virus prone.'

of course not. I had 0 viruses on windows before going to Mac too, because I can tell malware from software.

Antivirus software and closed-systemsare for people who don't know how computers work, as simple as that.

 

[DCIFRTHS]

Would someone please explain to me how a third party app can be installed on iOS? I thought that third party apps could not be installed unless the device was jail broken.

 

[Nightarchaon]

applebola




-

Hats off to you sir, you have won the internets today

 

[MH01]

We gave jobs to them that just a few decades ago china had nothing to offer except fireworks! This is how they repay us in the many cruel ways that they have and the west refuses to wake up to what it's done to themselves! This could all be reversed.

Either you did not read the story, or just jumped onto you one of your Anti-Chinese rants cause you saw china somewhere in the text.

Derogatory comment mate! All china could offer the world a few decades ago was fireworks? US Education system has failed you again bud!

I would be careful with your Anti-Chinese sentiment, its bordering on breaking MR posting rules.

 

[DCIFRTHS]

http://app.maiyadi.com

Does anyone think that there are "drive by" risks by visiting a site like the one above?

 

[nutjob]

We know that you take any opportunity to throw mud at Apple.

Apple has very valuable feature for companies employing iPads: The "Enterprise license". A company can buy an "Enterprise license" and then can develop their own iOS software and install it on their devices. The user has to accept an "Enterprise profile" from their company on their device to make this work.

So someone here is using a stolen "Enterprise profile", and tricks people into installing it on their iOS devices. That's the same as if you were to accept an "Enterprise profile" from your competitor's company.

And you take any opportunity to defend Apple, no matter how incompetent they are. I guess you want everyone to agree with you. Good luck with that.

Apple has make the iPhone closed and carefully controlled in the name of security. We can now see that was just more of Jobs' BS, designed only to have control for control's sake and to increase profits and reduce interoperability and thus competition. In reality they've left gaping security holes like this one. They just didn't bother to implement any security for it, pure and simple. If it were anyone else there would be no question of the company's incompetence, but this is Apple, so they can do no wrong.

Anyone without blinkers on already knows what Apple's agenda is here, everyone else seems to lap up Apple marketing.

 

[Michaelgtrusa]

And you take any opportunity to defend Apple, no matter how incompetent they are. I guess you want everyone to agree with you. Good luck with that.

Apple has make the iPhone closed and carefully controlled in the name of security. We can now see that was just more of Jobs' BS, designed only to have control for control's sake and to increase profits and reduce interoperability and thus competition. In reality they've left gaping security holes like this one. They just didn't bother to implement any security for it, pure and simple. If it were anyone else there would be no question of the company's incompetence, but this is Apple, so they can do no wrong.

Anyone without blinkers on already knows what Apple's agenda is here, everyone else seems to lap up Apple marketing.

Something tells me, you ain't seen nothing yet.

 

[spacemanspifff]

I thought maybe some people would like to know how to check that they don't already have it on their mac.

Go here: https://github.com/PaloAltoNetworks-BD/WireLurkerDetector

Easiest way is to Download the ZIP (Button on Right)

Once it's downloaded and unzipped you'll have a folder named: WireLurkerDetector-master

Open your Terminal app, open the downloaded folder, drop the file named: WireLurkerDetectorOSX.py into the Terminal window - this will run the script and report the results.

Mine was clear!

 

[5232152]

This is what everyone who always complain about Apple's vice-grip on openness doesn't understand. If you stick with the Apple pre-approved things you're safe 99.99% of the time. It's only when you open yourself to third party apps that you run the risk of malware. It can't exist without you opening the door to it.

Kim Jong-Un would be proud.
Do as you are told, don't think that any alternatives are any better....

 

[CFreymarc]

Sponsored by the Chinese government

That or a special cooked up by our boys at Ft. Mead.

 

[Mascots]

Yes. If the profile was stolen by some employee of some enterprise, that enterprise will be unhappy because their legitimate stuff also stops working.

The owners could simply push out a new one without really any trouble...

 

[doctor-don]

I thought maybe some people would like to know how to check that they don't already have it on their mac.

Go here: https://github.com/PaloAltoNetworks-BD/WireLurkerDetector

Easiest way is to Download the ZIP (Button on Right)

Once it's downloaded and unzipped you'll have a folder named: WireLurkerDetector-master

Open your Terminal app, open the downloaded folder, drop the file named: WireLurkerDetectorOSX.py into the Terminal window - this will run the script and report the results.

Mine was clear!

And then you will be able to say you have been infected by the WireLurker that you thought would never affect you.