WireLurker, a new malware generation?

Security researchers have recently discovered many security issues affecting Apple’s products.

Palo Alto Networks has published a research paper about the first of a new family of malware targeting both OS X and iOS systems, called “WireLurker”.

OS X Malware

WireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China. In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users.

How does it work?

WireLurker monitors any iOS device connected via USB to an infected OS X computer and installs downloaded third-party applications (or automatically generated malicious applications) onto the device, regardless of whether it is jailbroken.

Typically, iOS users can download applications from third parties only if they have jailbroken their phones: with WireLurker, an infected application can reach a non-jailbroken phone from an infected Mac OS X system.

How to protect yourself?

Palo Alto Networks recommends:

  • Employ an antivirus or security protection product for the Mac OS X system and keep its signatures up-to-date

  • In the OS X System Preferences panel under “Security & Privacy,” ensure “Allow apps downloaded from Mac App Store (or Mac App Store and identified developers)” is set

  • Do not download and run Mac applications or games from any third-party app store, download site or other untrusted source

  • Keep the iOS version on your device up-to-date

  • Do not accept any unknown enterprise provisioning profile unless an authorized, trusted party explicitly instructs you to do so

  • Do not pair or power your iOS device with untrusted or unknown computers or devices, and avoid connecting iOS devices to untrusted or unknown accessories or computers (Mac or PC)

  • Do not jailbreak your iOS device

Published: November 06 2014