The superiority of Apple as most malware-secure OS provider may soon come to an end after researchers at Palo Alto Networks unearthed a new sophisticated malware targeting iPhone and Mac OS. WireLurker malware has been around for the last six months and shows “characteristics unseen in any previously documented threats targeting Apple platforms” according to a 40 page report by PAN.
The Malware which originates from a Chinese app store is capable of stealing an array of sensitive information from an infected device. It is controlled remotely and “regularly requests updates from the attacker’s command and control server,” said PAN researchers adding that Wirelurker was still advancing and could be more severe in later versions.
WireLurker Trojanized 467 OS apps in Maiyadi Chinese App store infecting over 300,000 users who download led the Apps. Once an OS computer is infected, the malware monitors all OS devices connected to the computer via USB and “installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it “wire lurker”,” read PAN’s blog.
Although researchers are yet to observe any large scale utilization of the malware, they warned that Wirelurker is the most sophisticated malware exhibiting “complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing,” presenting a global threat to Business, Governments and individual OS users.
“WireLurker is unlike anything we’ve ever seen in terms of Apple iOS and OS X malware,” Palo Alto’s Ryan Olson said. “The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms.”
In a statement, Apple have assured users that the WireLurker malware has been neutralized and advised OS users to avoid downloading Apps from third party App stores. “We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources,” said an Apple spokesperson.
Security experts believe WireLurker is more likely to rake havoc in emerging Asian markets including China and Mainland Hong Kong where jail-breaking is common. “Third-party applications don’t pose as much of a threat in the U.S. and other Western countries where Apple users tend to be loyal to the Apple App Store. But it has become a problem in emerging markets, where incidents of malware originating from third-party sites tend to be much higher,” noted Jennifer Booton from MarketWatch.
Other industry experts have warned that the WireLurker is more likely to be used by notorious National Security Agency NSA and the British intelligence agency to spy on Apple users, especially after Apple move to encrypt its customers’ data locking out the snoopy agencies.
Diagnosing for the WireLurker malware is difficult and expensive because WireLurker eats up other Applications in the infected device. More importantly, OS users should avoid Jail-breaking their devices and downloading Apps from untrusted sources in third party App stores. Some of the mitigation tips published by Palo Alto Networks include;
- In the OS X System Preferences panel under “Security & Privacy,” ensure “Allow apps downloaded from Mac App Store (or Mac App Store and identified developers)” is set
- If you do jailbreak, only use credible Cydia community sources and avoid the use or storage of sensitive personal information on that device.
- Avoid powering your iOS device through chargers from untrusted or unknown sources or connecting iOS devices with untrusted or unknown accessories or computers (Mac or PC)
- Employ an antivirus or security protection product for the Mac OS X system and keep its signatures up-to-date. Also always ensure your device traffic is routed through a threat prevention system.