WireLurker Malware Exploits Mac OS X and iOS Via Trojanized and Re-Packaged Applications

Apple on Thursday announced it is currently taking measures to block apps that contain the so-called "WireLurker" malware, which transmits from a Mac to iOS devices over USB.

Apple confirmed that the malicious software is "available from a download site aimed at users in China." In order to stop the spread of the "WireLurker" malware, Apple has blocked the applications in question, and is preventing the questionable apps from launching on Macs.

A total of 467 infected applications have been discovered on the Chinese Maiyadi App Store for Mac OS X systems, an unofficial third-party store that doesn't meet the security specifications of the official Mac App Store, which controls app approval. Collectively the apps have been downloaded over 356,000 times.

Palo Alto Networks found that WireLurker has been active in China for the past six months, first infecting Macs by inserting trojan software through repackaged OS X apps, then moving on to iOS devices over wired USB when Apple iPads and iPhones are connected to Macs. Palo Alto Networks announced the malware Wednesday. Palo Alto learned that a developer at Tencent Holdings Ltd. first made note of the threat in June, and that threads on Apple forums then began reporting the installation of strange applications and the creation of enterprise provisioning profiles.

Palo Alto threat intelligence team Unit 42 reported that WireLurker is the first known malware family that can infect installed iOS applications similar to how a traditional virus would, and it's only the second known malware family that can attack iOS devices through OS X, the operating system that powers every Apple Mac.

WireLurker can access sensitive data such as user contacts and iMessages, and it can also ping a remote server for command-and-control operations. Palo Alto Networks estimates that the 467 infected OS X applications could have been downloaded more than 350,000 times in the past six months, potentially affecting "hundreds of thousands of users."

Palo Alto Networks is a network security company which provides advanced firewalls.
