Researchers Discover New 'WireLurker' Malware Affecting Macs and iOS Devices in China [Updated]

[Nungster]

Trojan software exists on ALL systems. This is nothing new.

Anyone can write a program on Windows/Unix/OS X to do ANYTHING. That's really the point of personal computers. There is nothing Apple/Microsoft or anyone can do to stop this outside of using their approved app stores where they can take down a malicious app like this.

This article is just iHater bait to people who don't understand how software works. A virus or worm is a different thing. A trojan - can happen to any operating system at any time. A trojan is basically software that says it does one thing then actually does something else. That's what Apple's App Store helps avoid, apps like this. This proves, again, that the Apple closed app store protects users better.

And also in this case, the user had to connect to a "special" app store to download an OS X app. Not to mention, this malware is largely targeting the identity and SMS of the victim. This is very Big Brother type of info-hacking. I feel for the Chinese citizen.

 

[Glassed Silver]

there is too much misconception in here. With due respect, it isn't jailbreaking that breaks down your security or puts you at risk.

Well, if you load anything on Cydia or sideload otherwise, you will be exposed to greater risks.
Apps you load have access to more APIs, can access your whole filesystem, they live outside the sandbox, etc etc...

Sure, if you trust the developer and he doesn't betray that trust it's all good, but it's obvious that having jailbroken your device SIMPLIFIES the potential dangers of unsigned code.
Yes, an unjailbroken device can be hacked as well, but it's not nearly as simple as has been described earlier on.
Also, yes, it's well possible to have a reasonably safe experience with a jailbreak, but anyone saying it's just as safe, at least for Average Joe, is lying to themselves.

Glassed Silver:mac

 

[OldSchoolMacGuy]

Chinese government has been using this for a long time now. Very familiar with those that developed it for them.

 

[Michaelgtrusa]

Chinese government has been using this for a long time now. Very familiar with those that developed it for them.

Sun Microsystems wrote that firewall for them in the 90's One of the most advanced software programs in history.

 

[OldSchoolMacGuy]

Sun Microsystems wrote that firewall for them in the 90's One of the most advanced software programs in history.

When we started developing things for their government, it was great. No worrying about how your product may be used to violate someone's rights because they have no rights.

 

[linuxcooldude]

Apple has make the iPhone closed and carefully controlled in the name of security. We can now see that was just more of Jobs' BS, designed only to have control for control's sake and to increase profits and reduce interoperability and thus competition. In reality they've left gaping security holes like this one. They just didn't bother to implement any security for it, pure and simple. If it were anyone else there would be no question of the company's incompetence, but this is Apple, so they can do no wrong.

Anyone without blinkers on already knows what Apple's agenda is here, everyone else seems to lap up Apple marketing.

I suppose Apple requiring all apps to be sandboxed in the App store had nothing to do with security. Or twisting it to fit your own agenda.

 

[macfacts]

This is what everyone who always complain about Apple's vice-grip on openness doesn't understand. If you stick with the Apple pre-approved things you're safe 99.99% of the time. It's only when you open yourself to third party apps that you run the risk of malware. It can't exist without you opening the door to it.

The same on android if you only download apps from Google's play store, yet the majority here will say android is full of malware.

 

[GGJstudios]

These kind of comments are concerning to me because Mac/iOS users seem to have a (false) sense of security. If a real threat were to hit Apple, OS X or iOS or both, would users be prepared? If you don't have any anti virus apps, really, you don't know if you never been hit by malware.
+1 to this. Without any anti virus apps, you don't know that for a fact.

This is nonsense. Running an antivirus app does not provide assurance that malware is not present, as such apps have less than 100% detection rates. In fact, there have been instances where practicing safe computing alone provided protection against malware that no antivirus app detected. If you want to have a false sense of security, install an antivirus app and proceed, thinking you're safe. If you want to be responsibly safe, practice safe computing and stay abreast of new developments in the malware environment.

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 12 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). 3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link.

​

Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.

 

[aliensporebomb]

Sure

Sure seems like it was designed to get the average chinese citizen who wants "privacy and transparency" to load it so their government (or secret police type agency) can snoop on them "in case they're doing bad things".

No different than the NSA here except they're using social engineering to get people to install it. Clever.

So, the thought would be: if you don't want this malware on your phone don't go to weird unofficial app stores.

Apple will try to close the loophole and then the chinese hackers will try to find a new loophole. It will be an endless shell game.

Can't engineer out human nature.

 

[ilfn143]

don't do crack apps

 

[too many Macs]

I dont connect to my iPhone and thanks for the compliment

I'd like to know how you can charge your iPhone without a cable.

 

[Zxxv]

I'd like to know how you can charge your iPhone without a cable.

Don't connect to my computer. Transfer wirelessly. Cable is yesteryear.

 

[GGJstudios]

I'd like to know how you can charge your iPhone without a cable.

You can charge an iPhone by plugging directly into an AC outlet, without plugging into a Mac. You can sync the iPhone with the Mac wirelessly.

 

[MagnusVonMagnum]

This is what everyone who always complain about Apple's vice-grip on openness doesn't understand. If you stick with the Apple pre-approved things you're safe 99.99% of the time. It's only when you open yourself to third party apps that you run the risk of malware. It can't exist without you opening the door to it.

My computer would be a lot duller without apps like Handbrake to convert my own Blu-Rays for iTunes use (usually cheaper than buying movies from Apple of lesser quality and that have DRM on them that won't let me use them outside of the Apple ecosphere (bad investment on the future). I wouldn't be able to run my old C64, Amiga and Atari games without "unapproved" apps either. Malware is a minimal risk with known apps, especially with the Mac.

 

[Tech198]

Well. the problem here, is the China store is not looking for malware in the first place

 

[ksuyen]

I thought that's why Apple controlled everything you can do with your Apple phone, so this wouldn't happen.

It seems like more incompetence under Cook.

Oh really? I am not aware that Apple controlled everything I can do with my Apple phone, where do you get that from? From Samsung bad PR?

In most cases (if not all), users create their own problem.

 

[AFDoc]

Thought mac's didn't get viruses......

 

[GGJstudios]

Thought mac's didn't get viruses......

They can, but they don't, since there are no OS X viruses in the wild, and there never have been any.

 

[djgamble]

So can I get this straight? My understanding is that basically in China people don't pay for apps (just like any other developing country where the only people who can afford iPhones are filthy rich due to grey money and are violently opposed to buying stuff legitimately), they all go and use this 'Mayadi' app 'store' to grab a bunch of cracked $0.99 apps made by poor American students in their dorms... then drop $20 million on foreign investments without any second thought. It's stealing the $0.99 apps where they go wrong... not stealing the $20 million from starving Chinese people to further their foreign property portfolio. [Side note... a Chinese guy in Australia's top 100 rich list (who legitimately setup a successful company) once joked that he's in the wrong industry because all the Chinese billionaires above him on the list made their money by investing in Australian real estate. Or well... 'earning' it in China through grey money and then having it magically appear as billions worth of real estate in Australia].

ANYWAY... Presumably although this works on non-jailbroken devices they're using something similar to that dev certificate hack that allowed non-app store emulators to be installed on iOS devices. Y'know, that one where you changed your date backwards to a date/time (down to the second) when the magical 1-day do all certificate was valid... then jailbreak-style code was injected (and in fact, the same certificate was used for China's first jailbreak... Pangu or whatever it's called).

It may not be the same technique/certificate but I'm guessing this is what's going on! People in China are pirating apps and the pirate app store injects code that they 'trust' because it allows them to install pirated software. HOWEVER!!!! There is no honour amongst thieves. SOMEBODY is distributing punk apps that have malicious code in them (anybody's guess who).

While this is technically a flaw in Apple's security, people need to first compromise Apple's security manually. To be clear IF YOU BUY EVERYTHING FROM THE APP STORE AND STAY AWAY FROM SHONKY CHINESE 'STORES' THAT LET YOU DOWNLOAD EVERY APP AVAILABLE FOR 'FREE' (BY HACKING ITUNES/IOS) THEN YOU ARE 100% SAFE!!! IF YOU LIVE IN CHINA AND HAVE NEVER PIRATED APPS USING MAYADI THEN YOU ARE SAFE!!! IF YOU LIVE IN AUSTRALIA/USA/ENGLAND/NORWAY... ANYWHERE... AND YOU DON'T PIRATE APPS THEN YOU'RE FINE!!!! IF YOU'VE APPLIED A JAILBREAK BUT HAVE NOT PIRATED APPS THEN YOU ARE 100% SAFE!!! THE ISSUE COMES WHEN YOU TRUST PIRATES (WHO BENEVOLENTLY STEAL FROM THE RICH AND GIVE TO EVEN RICHER CHINESE PEOPLE WHO FOR WHATEVER REASON ARE AGAINST PAYING FOR APPS) THEN YOU'RE FAAAAAAAARKED!!

DO NOT PIRATE!!! THAT IS THE MESSAGE!!! APPLE IS 100% SAFE!!! ITS WHEN YOU START STEALING APPS AND BYPASSING APPLE'S SANDBOX USING DODGY HACKS THAT YOU MIGHT START HAVING PROBLEMS!!!

 

[nutjob]

Oh really? I am not aware that Apple controlled everything I can do with my Apple phone, where do you get that from? From Samsung bad PR?

In most cases (if not all), users create their own problem.

Nice, blame the user! "You're holding/using it wrong".

Apple create all the software on the phone, and third party software must be approved by Apple. Thus they control everything you can do with your phone.

Pretty simple, huh?

 

[AppleP59]

Is there any way to see if one is affected?

 

[DCIFRTHS]

Is there any way to see if one is affected?

I would like to know this too.

 

[GGJstudios]

Is there any way to see if one is affected?

I would like to know this too.

Removing Wirelurker from Your iOS or OSX Device

 

[AppleP59]

Removing Wirelurker from Your iOS or OSX Device

Great, thanks.
Just to be sure - to check if you have such files:
Finder > Go > Go To Folder.
Right?

 

[GGJstudios]

Great, thanks.
Just to be sure - to check if you have such files:
Finder > Go > Go To Folder.
Right?

To get to your ~/Library folder in Finder, click Go and hold down the Option key. Library will appear in the dropdown list of locations.