WireLurker: Malicious software targets Apple users in China
Thu 6 Nov 2014
Security group Palo Alto Networks has discovered a new breed of malware designed to hack Apple devices through the Mac OS X operating system.
The malware, known as ‘WireLurker,’ is able to install infected applications onto Apple desktop and mobile operating systems – adding malicious code to legitimate apps – and can spread easily across devices through USB cables, explained Ryan Olson, intelligence director at Palo Alto Networks’ threat research team.
The malware campaign has been found to originate from the Maiyadi App Store, a Chinese third-party app store, and has so far only affected Apple users within China.
The malware spreads through infected apps, which are uploaded to the Maiyadi store and downloaded onto Mac devices. According to the security group, 467 infected apps have already been downloaded over 350,000 times, and “may have impacted hundreds of thousands of users.”
The Palo Alto Networks research team also claims that the malware is able to hack Apple phones regardless of whether they are ‘jailbroken’ or not. Normally, Mac users can only download apps from third-party stores onto their phones if the phones are ‘jailbroken’, or have been modified to run unauthorised software. WireLurker, however, can access a non-jailbroken phone from infected Mac desktops via USB connectors.
The objective of the attack remains unclear. “There is no evidence that the attackers had made off with anything more sensitive than messaging IDs and contacts from users’ address books,” said Olson.
Although the malicious software is new to Apple, this type of threat has been around since 2003, revealed Palo Alto Networks.
“Even though this is the first time this is happening […] it demonstrates to a lot of attackers that this is a method that can be used to crack through the hard shell that Apple has built around its iOS devices,” said Olson.
“The tech that we’re seeing here brings Mac and iOS much closer [to viruses infecting Windows and Android products],” he added.
Apple has been notified of the attacks, but has yet to provide comment.