Researchers at security company Palo Alto Networks report they've found new malware that targets Apple's iPhone and iPad. The malware, called WireLurker, moves from Mac computers to iPhones and iPads through USB cables. Palo Alto Networks called it "a new era in malware" that represents "a potential threat to businesses, governments, and Apple customers worldwide." Don't freak out just yet.
Palo Alto Networks discovered the malware back in June. It came across the malware in the Maiyadi App Store, which it described as a China-based third-party application store for Apple computers. The researchers found 467 infected apps that were downloaded more than 356,000 times. The impact could be big if Palo Alto Networks' claims are indeed true.
What does WireLurker do? Palo Alto Networks said it is the first known malware family that can infect installed iOS applications similar to traditional viruses. It can install third-party applications on non-jailbroken iOS devices through enterprise provisioning. That's significant. Non-jailbroken phones have long been considered safe from malicious attacks. In fact, WireLurker is able to trick people into thinking it is a legit app when distributed via enterprise networks. Palo Alto Networks said WireLurker is the second-known malware family that attacks iOS devices through OS X and USB, and it is the first that can automatically generate malicious iOS apps through binary file replacement. In other words, in can wreak havoc if it spreads.
[Apps stores aren't the only place where you can find trouble. Read 4 Ways to Avoid Malicious Links on Social Media.]
"WireLurker is unlike anything we've ever seen in terms of Apple iOS and OS X malware," said Ryan Olson, intelligence director at Palo Alto Networks. "The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world's best-known desktop and mobile platforms. As such, we have provided full protection to Palo Alto Networks customers and published a detailed report so others can assess the risk and take appropriate measures to protect themselves." Apple has not yet commented publicly on the matter.
Palo Alto Networks has compiled a report on WireLurker. It is accessible here, though the report is not free.
Security researchers have offered some basic recommendations, however, that should prevent WireLurker from spreading. For example, it advises people to stay away from third-party app stores. Use only Apple's app store for discovering new desktop applications. Further, make sure your operating systems are up to date, as Apple continually provides patches therein. Don't plug your iPhone or iPad into an untrusted Mac computer. Most importantly, don't accept an unknown enterprise-provisioned app unless you're absolutely sure it's coming from a legit source, or your IT department tells you so.
Malware targeting OS X and iOS is indeed rare and it should be taken seriously if Palo Alto Networks' claims are true. This is something IT will probably need to stay up to speed on.
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data. In the Partners' Role In Perimeter Security report, we'll discuss concrete strategies such as setting standards that third-party providers must meet to keep your business, conducting in-depth risk assessments -- and ensuring that your network has controls in place to protect data in case these defenses fail. (Free registration required.)