New malware found targeting Apple users in China
Palo Alto Networks, a security company, published a new research paper on November 5, which documents a new family of malware called WireLurker affecting Apple devices.
The malware attack originated from a Chinese third-party app store and has mainly affected users within China. WireLurker can collect information such as call logs and phone book contacts from Apple mobile devices; however, apart from making off with this information, it isn’t clear what the attack’s objective is.
Ryan Olson, intelligence director for Unit 42, Palo Alto Networks’ threat intelligence branch, said, “We think we sort of caught someone developing the attack, and they haven’t gotten to the point of launching the full attack. From our perspective, it still looks like an information gathering operation.”
The Palo Alto Networks report states, “WireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China. In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users.” The top downloaded apps include The Sims 3, International Snooker 2012 and Pro Evolution 2014.
The malware spread through infected apps that were uploaded to the app store and then downloaded onto Mac computers.
The report states, “WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it ‘wire lurker’”.
Although the malware seems to be coming only from Chinese sources, the best way to avoid being infected is to download your apps only from trusted sources like the Mac App Store.
The issue has been reported to Apple.