There’s a bad bug out there to get your iPhone, iPad and iWhat-so-ever-it-is. The WireLurker, as they are calling it, is a new member of the trojanized family of malware that has been infecting iOS and Mac OS for quite some time now.
How does WireLurker chew at the Apple?
The bug was recently discovered by researchers at Palo Alto Networks, the cyber security tool maker. It has been found that WireLurker travels via USB cables from OS X Yosemite to iOS and Mac OS devices. Currently, it is highly active in China via the Maiyadi App Store, a third-party source for OS X.
The malware spreads from infected computers running OS X to iOS devices over USB connections, rewriting programs on the device through binary file replacement. In other words, it installs extremely malicious third-party apps on Apple mobile devices. This remarkable ability of WireLurker to sense USB connections has earned it its apt name.
Jailbroken or not, does it matter?
WireLurker has set a record as the first of its kind to infect the much-protected iPhones, especially jailbroken ones. Although this is something very negative, it still deserves a salute, the reason being that the ever stringent and protected iOS has finally been breached.
On non-jailbroken iPhones, WireLurker loads a comic book app, a non-malicious one, using an enterprise provisioning system which is hardly scanned. The App Store approval process is thus, regrettably, bypassed. This seems like a test to see if the system works, before ultimately using it to do greater damage.
On jailbroken phones, on the other hand, WireLurker rewrites the apps on the device as described earlier. These have included the TaoBao and AliPay apps, which are rich in payment information.
What’s the current status?
At present, China is suffering a lot because of WireLurker. Palo Alto Networks has called the malware the “biggest in scale” ever witnessed. Having pointed out a huge flaw in Apple’s protective shell, Palo Alto Networks is offering a number of suggestions to steer clear of the bug. An antivirus has recently been developed, along with suggested restrictions on Mac App Store installation, in the hope of keeping apps from anonymous third parties from being installed.
Users are being requested not to download or run Mac apps and games from unknown sources. Above all, jailbreaking iPhones has been strictly discouraged, given that WireLurker has its worst effect on jailbroken iPhones.
Enterprise provisioning options are also to be avoided, and users should not connect their iOS devices to unknown or infected OS X computers. This includes charging iPhones via unknown computers too. Adding to that, Palo Alto Networks has also said that the motive behind such a huge invasion is still unclear. But because the code is undergoing continuous updates, it is still considered an active entity capable of more severe damage.
Surprisingly, Apple has chosen to stay mum on this, even after being informed about all the damage done and more to come.
A post by Chayanika Deka. 7th of November, 2014.